Closed Bug 815574 Opened 8 years ago Closed 8 years ago

Third party software installs plugins and modify homepage and default search engine without user knowing

Categories: Firefox :: Security (defect)
Platform: x86_64, Windows 7
Severity: major
Tracking: RESOLVED DUPLICATE of bug 454769
People: Reporter: transcender, Unassigned

Details

Summary: users must opt in for any changes brought about by third party applications, especially plugins. Until then they must remain turned off. It is a possible security breach. We need to have full control over it.

Now in more detail.

It's a longstanding issue. I've had numerous third party apps that would silently install their plugins into Firefox, and you wouldn't know that unless you opened the plugins page.
Not only should users be warned that a new plugin has appeared, but this plugin must be disabled by default. It might be presented in a form like "Firefox has detected a new plugin and needs your permission to enable it. We care for your security" or similar. And maybe a checkbox to disable this behavior for those who don't want this additional precaution. Of course with an option somewhere to enable it.

E.g. Java, when it updates, re-enables its plugins and you find them turned on again, even if you disabled them before the update. Even updates of enabled plugins might require some kind of warning and an enable/disable dialog.

Click-to-play is only a half-measure. It works fine for those plugins that require some content on the page to work. But what does Google Update do in Firefox as a plugin, and does it really need any content on pages at all to be running? I doubt it.
When I heard of opt-in plugin activation I hoped for a more radical solution. Browsers just shouldn't enable plugins unless users confirm they want them.

There are numerous examples of it. Google installs its updater; I even got some plugins from a Wacom graphics tablet, without a sign of warning. I've no idea what many others did until I discovered them.
There are also apps that may change your start page or default search engine. I think these also must be protected in a similar manner. I think it is a good idea for Thunderbird and anything else that may have plugins.
You are running software with administrator privileges on your system (third party installers) and are wondering why this software can do everything on your system that it wants?
Come on...

The installer could for example replace Firefox.exe with Opera.exe and there is nothing that Firefox could do to prevent that.

The only valid point in this report is that there could be a warning if a new plugin gets installed, in a similar way to what we do with global extensions. That is however no guarantee that an installer couldn't work around and disable the warning.
Some extensions already work around the new extension warning and there is nothing that we could do to avoid that except trying to block such extensions.
Newer Firefox versions also offer a way to restore your keyword search URL in case it got changed.

anyway, marking as dupe of bug 454769
Note: Please don't protest against the duping because your report covers more than just bug 454769. 
Bug reports are required to contain one single issue and not several.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 454769
Well, at least such software that tries to hack into Firefox will get listed as malware by antivirus companies.
Yes, you're right, this bug has been reported (sorry, I tried to search for it), and the first submissions date back several years! And no action taken. Why? I think this needs more attention. Why does none of the developers take this issue seriously? I like Firefox's extensibility and the degree of control I have over virtually every aspect of web browsing. Except for this one. And still click-to-play is a half-measure and can break some sites (like audio clips @ vk.com - there's nowhere to click).


Speaking of administrator privileges under Windows. Isn't UAC designed to address this? But if you choose to install an app either way, with UAC, or having another account and working solely as a simple user, or having it done by another person who's administrator - you still get those plugins without warning. No matter how you install that third party software, it will install its plugins. All browsers do is discover them and - that is the real problem - just let those plugins be enabled by default. I don't care what those companies think about their precious software. I only need Google update running when I run their software. I don't need Java applets every time I update Java. Even though I block things with NoScript, it's hard to selectively allow, say, JavaScripts and leave out Java or AdobeFlash from that domain. And some plugins have a purpose that isn't evident and perhaps are not affected by NoScript policy and content of the pages. I don't want my usage stats sent or any kind of interference with my browsing without my consent. I believe most of Firefox power users don't either.

I might want to do without any plugins but I still need Adobe Flash, sadly. Or, god forbid, I'll someday have to deal with a Silverlight-laden site and have no alternative to that.

So, what can we do to have this welcome-all-plugins policy changed in Firefox?
>And no action taken. Why?
Short: we accept patches.
Long: developers think that there are more important bugs to fix.

>Isn't UAC designed to address this?
Read: https://developer.mozilla.org/en-US/docs/Gecko_Plugin_API_Reference/Plug-in_Basics#How_Gecko_finds_plug-ins

Plugins installed in the user directory are only visible to that user. Other entries require advanced privileges. A "user" account shouldn't have the privileges to write to these locations.

Plugins in general aren't active the whole time. They are only active if the browser gets back from an HTTP server a document with a MIME type that the plugin registered.
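A defender-side audit script, added here and not part of the bug thread or of Firefox itself, that walks the registry locations this comment refers to and reports which registrations are machine-wide versus per-user, then warns about any plugin that was not present on the previous run. It assumes the key layout described on the linked MDN page (subkeys of Software\MozillaPlugins carrying a Path value to the plugin DLL, plus ProductName, Vendor and Version) and a writable baseline file under %LOCALAPPDATA%.

```powershell
# Added audit script (not from the bug report or from Mozilla). Lists NPAPI
# plugin registrations Gecko would pick up from the Windows registry, marks
# each as machine-wide (HKLM, needs admin rights to write) or per-user (HKCU,
# visible only to that account), and warns about entries new since last run.
# Key layout below is assumed from the MDN "How Gecko finds plug-ins" page.
$hives = @(
    @{ Scope = 'machine'; Key = 'HKLM:\SOFTWARE\MozillaPlugins' },
    @{ Scope = 'machine'; Key = 'HKLM:\SOFTWARE\WOW6432Node\MozillaPlugins' },
    @{ Scope = 'user';    Key = 'HKCU:\SOFTWARE\MozillaPlugins' }
)

function Get-PluginRegistrations {
    foreach ($h in $hives) {
        if (-not (Test-Path $h.Key)) { continue }
        foreach ($sub in Get-ChildItem -Path $h.Key) {
            $props  = Get-ItemProperty -Path $sub.PSPath
            $dll    = $props.Path
            $exists = [bool]$dll -and (Test-Path -LiteralPath $dll)
            # A machine-wide plugin DLL that ordinary users can modify is a
            # weaker control than the HKLM registration suggests.
            $userWritable = $false
            if ($exists) {
                $userWritable = [bool]((Get-Acl -LiteralPath $dll).Access | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $_.IdentityReference -match 'Users|Everyone' -and
                    $_.FileSystemRights.ToString() -match 'Write|Modify|FullControl'
                })
            }
            [PSCustomObject]@{
                Scope = $h.Scope; Id = $sub.PSChildName; Product = $props.ProductName
                Vendor = $props.Vendor; Version = $props.Version; Path = $dll
                DllPresent = $exists; UserWritable = $userWritable
            }
        }
    }
}

# Compare with the previous run so silently added plugins stand out.
$baseline = Join-Path $env:LOCALAPPDATA 'mozplugins-baseline.json'
$current  = @(Get-PluginRegistrations)
if (Test-Path $baseline) {
    $known = @(Get-Content $baseline -Raw | ConvertFrom-Json) | ForEach-Object { $_.Id }
    $current | Where-Object { $_.Id -notin $known } | ForEach-Object {
        Write-Warning "New plugin registration: $($_.Id) [$($_.Scope)] -> $($_.Path)"
    }
}
ConvertTo-Json -InputObject $current | Set-Content $baseline
$current | Sort-Object Scope, Id | Format-Table -AutoSize
```

Run it once to record the baseline, then again after installing or updating third party software to see which plugin registrations that installer added.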