Closed Bug 784593 Opened 12 years ago Closed 8 years ago

Silent addon installation without user prompting

Categories

(Toolkit :: Add-ons Manager, defect)

x86
macOS
defect
Not set
normal


RESOLVED WORKSFORME

People

(Reporter: spylogsster, Unassigned)

Details

Attachments

(1 file)

It is possible to install any addon without user prompting: we need to copy a new xpi to the staged directory in the extensions dir, and Firefox will install it automatically.
Could you be more specific how/where/when exactly you are performing this copy?
Group: core-security
Component: Plug-ins → Add-ons Manager
Product: Core → Toolkit
Yes, this is a known way to get around the third-party install mechanisms currently in place. As far as we're aware no-one is taking advantage of it (aside from our own automated testing frameworks).

There is only so far we can go to block this sort of thing without adversely affecting our ability to develop Firefox; I don't think we need to put any additional protection in place here at this point.
Copy the attached xpi to
c:\Users\[username]\AppData\Roaming\Mozilla\Firefox\Profiles\[profile]\extensions\staged\{4F5C2312-44DB-4bc9-84A7-E3B67A19EEE7}.xpi
and FF will install it automatically.
This issue is no longer reproducible on Firefox 52.0a1 (2016-11-13), Firefox 51.0a2 (2016-11-13), Firefox 50.0 (20161104212021) and Firefox 49.0.2 (20161019084923) under Windows 10 64-bit and Ubuntu 16.04 32-bit.

The add-on approval installation tab is successfully prompted after restarting the browser while following the steps from description.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
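
For endpoint auditing, the extensions\staged directory named in the report can be inventoried across profiles so that files placed there outside the browser are noticed. This is an added example, not part of the original bug thread or of Mozilla's code; the profiles-root argument, the sample profile names and the GUID-style ID check are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: many add-on IDs are braced GUIDs, like the file name in the report.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def find_staged_addons(profiles_root):
    """Return one finding per entry under <profile>/extensions/staged/."""
    findings = []
    root = Path(profiles_root)
    if not root.is_dir():
        return findings
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        staged = profile / "extensions" / "staged"
        if not staged.is_dir():
            continue
        for entry in sorted(staged.iterdir()):
            is_xpi = entry.is_file() and entry.suffix.lower() == ".xpi"
            addon_id = entry.stem if is_xpi else entry.name
            findings.append({
                "profile": profile.name,
                "path": str(entry),
                "addon_id": addon_id,
                "guid_style_id": bool(GUID_RE.match(addon_id)),
                # Hash lets the file be compared against known-good add-on packages.
                "sha256": hashlib.sha256(entry.read_bytes()).hexdigest() if is_xpi else None,
                "mtime": entry.stat().st_mtime,
            })
    return findings


def build_sample_profiles(base):
    """Constructed sample layout: one profile with a staged XPI, one without."""
    base = Path(base)
    staged = base / "abcd1234.default" / "extensions" / "staged"
    staged.mkdir(parents=True)
    (staged / "{4F5C2312-44DB-4bc9-84A7-E3B67A19EEE7}.xpi").write_bytes(b"constructed sample bytes")
    (base / "wxyz5678.clean" / "extensions").mkdir(parents=True)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in find_staged_addons(build_sample_profiles(tmp)):
            print(f["profile"], f["addon_id"], f["sha256"])
```

Point `find_staged_addons` at the real Profiles directory of each user account; any finding is worth correlating with the file's modification time and the process that wrote it.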