Stop adding getpersonas.com to the xpinstall whitelist

RESOLVED FIXED in Firefox 25

Status

()

RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: dao, Assigned: dao)

Tracking

(Blocks: 1 bug)

Trunk
Firefox 25
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

6 years ago
Created attachment 736720 [details] [diff] [review]
patch

getpersonas.com is retired and redirects to addons.mozilla.org.
Attachment #736720 - Flags: review?(bmcbride)
Comment on attachment 736720 [details] [diff] [review]
patch

Review of attachment 736720 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/app/profile/firefox.js
@@ -203,5 @@
>  pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
>  pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
>  
>  pref("xpinstall.whitelist.add", "addons.mozilla.org");
> -pref("xpinstall.whitelist.add.36", "getpersonas.com");

This will only make it so new profiles (or those that haven't been used with Firefox 3.6 or newer) won't get getpersonas.com added to the whitelist. Existing profiles will continue to have it in the permissions database as allowing installs.

Unfortunately, we don't currently have a way to remote entries from the permissions manager (I'm not sure we've ever removed anything from this before). Filed bug 861115 for that.

So, as a stop-gap, we should also add getpersonas.com to the blacklist (xpinstall.blacklist.add.<version>), just to be safe - since we can't guarantee Mozilla will hold onto that domain indefinitely (seems reasonable to let it expire eventually).

We try to have the version represent the earliest version that had it added - and I assume we'll want to backport this to Beta (see bug 744355 comment 2 for the last time we did that dance).
Attachment #736720 - Flags: review?(bmcbride) → review-
(In reply to Blair McBride [:Unfocused] (Back from the dead. Mostly.) from comment > So, as a stop-gap, we should also add getpersonas.com to the blacklist
> (xpinstall.blacklist.add.<version>), just to be safe - since we can't
> guarantee Mozilla will hold onto that domain indefinitely (seems reasonable
> to let it expire eventually).

I don't expect we'll ever let the domain expire (domains are relatively cheap). So while it might make sense to do as you say and add it to the blacklist, I don't think it needs to block this patch.
(Assignee)

Updated

6 years ago
Summary: Remove getpersonas.com from the xpinstall whitelist → Stop adding getpersonas.com to the xpinstall whitelist
(Assignee)

Updated

6 years ago
Attachment #736720 - Flags: review- → review?(bmcbride)
Comment on attachment 736720 [details] [diff] [review]
patch

Review of attachment 736720 [details] [diff] [review]:
-----------------------------------------------------------------

Could you at least file a followup bug for this, dependant on bug 861115?
Attachment #736720 - Flags: review?(bmcbride) → review+
(Assignee)

Updated

6 years ago
Blocks: 892494

Updated

6 years ago
Blocks: 892881
https://hg.mozilla.org/mozilla-central/rev/fd31bf6cc779
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 25
Blocks: 893403
You need to log in before you can comment on or make changes to this bug.