Plugins for Mozilla are usually distributed as XPI packages. There doesn't seem to be any way to install these noninteractively, which is an essential feature (essential as in "can't use it any other way") for any remote-administered setup (especially so since Mozilla's "download plugin" feature currently doesn't work on a multiuser system unless run by the owner of the mozilla directories.)

websites initiating invisible installs is the mother of all security holes, but there is some interest in rolling this into the planned remote configuration facility which would have to be set up by a corporate administrator. *** This bug has been marked as a duplicate of 88958 ***

Hang on... who said anything of *WEBSITES* initiating invisible installs?!?!?! I certainly didn't, and bug 88958 specifically refers to AutoUpdate, which seems to imply automatic updates. I'm referring to a CLI that can be run without DISPLAY set (or the equivalent on other platforms), and install modules via scripts, similar to RPMs on Linux. Many sites have automated software distribution systems set up, and require user interaction is the antithesis to these systems. Websites being browsed initiating such automatic installs is a completely different ball of wax, and certainly nothing I would want to have anything at all to do with.

Changed Component & QA Contact

"AutoUpdate" is a proposed remote-administration feature, it would not be vulnerable to random websites. If you're talking about a command-line XPI processor run locally there's a bug for that too (bug 77365). Either way, I still think this is a dupe.

Agreed this is a dupe of 77365. *** This bug has been marked as a duplicate of 77365 ***

v