Closed Bug 816289 Opened 12 years ago Closed 9 years ago

Create about:config pref for allowing non-AMO addon installs

Categories

(Firefox for Android Graveyard :: Add-on Manager, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: dchanm+bugzilla, Unassigned)

Details

(Keywords: csectype-priv-escalation, sec-moderate, sec-want)

It was brought up during a security review of exposing JNI js-ctypes that a preference should be created to prevent non-AMO addons from being installed. The preference should be similar to the Android "Unknown Sources" setting.

enabled - allow non-AMO addon installs
disabled (default) - only allow addons to be installed from AMO


The goal is to mitigate some of the risk resulting from exposing JNI to js.
I assume we would be adding the preference to the platform (all apps) not just Firefox on Android.
Group: core-security
If I understand correctly, the existing xpinstall whitelist functionality already handles this. Is what you're wanting a preference to toggle showing UI to allow adding a site to the whitelist?
The whitelist still allows users to install add-ons pretty easily, I think we're talking about a complete block here, so no doorhanger the user can agree to. Not sure if this includes sideloaded installs like things dropped into the filesystem or not.
OS: Android → All
Hardware: ARM → All
Mossop, does the add-on signing work for Firefox 41 address this issue? Could we close this bug?
Flags: needinfo?(dtownsend)
(In reply to :Margaret Leibovic from comment #4)
> Mossop, does the add-on signing work for Firefox 41 address this issue?
> Could we close this bug?

If the automated validator flags potentially unsafe uses of JNI so that a reviewer has to look before an add-on can be signed then I would think this is covered.
Flags: needinfo?(dtownsend) → needinfo?(kmaglione+bmo)
The validator currently flags any reference to the `ctypes` object, so if that's how JNI is accessed, it should already be covered.
Flags: needinfo?(kmaglione+bmo)
Group: core-security → firefox-core-security
I just landed bug 1244329, I'm going to close this bug.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Group: firefox-core-security
Product: Firefox for Android → Firefox for Android Graveyard