Closed
Bug 306000
Opened 19 years ago
Closed 19 years ago
Allowed sites dialog refers to site hosting the link, not the extension
Categories
(Toolkit :: Add-ons Manager, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 294450
People
(Reporter: bren106, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+
There is a link here,
http://greaseblog.blogspot.com/2005/08/greasemonkey-051-final.html, which refers
to an extension (Greasemonkey) hosted on ftp.mozilla.org. To allow it to
install, greaseblog.blogspot.com has to be in the list of allowed sites, not
ftp.mozilla.org. I think this could be a potential security problem; any link on
a trusted site, even if it is say the forums on mozillazine.org where anybody
can post, is allowed to install software by default, even if that link is to
www.dodgysitewithextensionthatwillstealyourcreditcardnumber.com. Or say,
www.gator.com.
Reproducible: Always
Steps to Reproduce:
1. Go to http://greaseblog.blogspot.com/2005/08/greasemonkey-051-final.html
2. Click on greasemonkey final link (hosted on ftp.mozilla.org)
3. Prompt asks you to allow greasemonkey.blogspot.com to install software
Actual Results:
The 'Allow sites to install software' prompt asks me to allow
greasemonkey.blogspot.com to install software.
Expected Results:
It should ask me to allow ftp.mozilla.org to install software. Or at least point
out the extension is hosted on a different site. And if ftp.mozilla.org is
allowed, as it was in my case initially, maybe it should just go ahead with the
install extension prompt.
Comment 2•19 years ago
|
||
*** This bug has been marked as a duplicate of 294450 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•