Closed Bug 306000 Opened 19 years ago Closed 19 years ago

Allowed sites dialog refers to site hosting the link, not the extension

Categories

(Toolkit :: Add-ons Manager, defect)

x86
Windows XP
defect
Not set
major

Tracking

RESOLVED DUPLICATE of bug 294450

People

(Reporter: bren106, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+

There is a link here, http://greaseblog.blogspot.com/2005/08/greasemonkey-051-final.html, which refers to an extension (Greasemonkey) hosted on ftp.mozilla.org. To allow it to install, greaseblog.blogspot.com has to be in the list of allowed sites, not ftp.mozilla.org.

I think this could be a potential security problem; any link on a trusted site, even if it is say the forums on mozillazine.org where anybody can post, is allowed to install software by default, even if that link is to www.dodgysitewithextensionthatwillstealyourcreditcardnumber.com. Or say, www.gator.com.

Reproducible: Always

Steps to Reproduce:
1. Go to http://greaseblog.blogspot.com/2005/08/greasemonkey-051-final.html
2. Click on greasemonkey final link (hosted on ftp.mozilla.org)
3. Prompt asks you to allow greasemonkey.blogspot.com to install software

Actual Results:
The 'Allow sites to install software' prompt asks me to allow greasemonkey.blogspot.com to install software.

Expected Results:
It should ask me to allow ftp.mozilla.org to install software. Or at least point out the extension is hosted on a different site. And if ftp.mozilla.org is allowed, as it was in my case initially, maybe it should just go ahead with the install extension prompt.

This behavior is intentional. I think this bug is a dup.
Group: security
*** This bug has been marked as a duplicate of 294450 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Product: Firefox → Toolkit