Downloads

January 19, 2009: Apache, mod_ssl, and SNI on Windows

July 20, 2008: Apache and MySQL Authentication

July 12, 2007: Nagios Plugins for Windows

Connect!

Follow me on one of these Social Media sites:

Archives

Dear Mozilla…

By on October 17, 2009 in Mozilla

I have a question.. not sure exactly where to direct this question at such a late hour on a friday night, i’ll just type it out here… After being sick for a couple of days I’ve read that appearantly there’s a vulnerability in the .Net framework extension that Microsoft shipped.. they recommend disabiling it, et all.. which is good.. I also have seen the bug where you guys have responded quickly to block the extension and the plugin to prevent damage.. Bug 522777 Thanks for the quick response.
My question, is, what are you guys going to do to prevent extensions from being installed without user consent by 3rd party software, whether its a windows update or something like skype, neither of which inform users that they’re going to install… *before* they’re allowed in? Responding after the fact is great, don’t get me wrong. The side-effects of the current situation range appearantly from critical like this exploit, to annoying, like sharing a machine and ending up with the paypal extension because one of the other users needed it. I’ve seen blog posts mentoning improving notifications, but i’m confused which of the several versions of in-development Firefox this applies to, and if it actually prevents the installation completely or not? I don’t mind reading, just point me to a clear bug or wiki or even blog post where its clearly tracked..
Comments here are fine, that way anybody else who is confused gets the answer to.. 🙂
Thanks,
— Wolf
Update (10/17/2009): Mossop was kind enough (thanks!) to direct me to…
https://wiki.mozilla.org/Firefox/Projects/System_Extension_Notification
and
http://www.oxymoronical.com/blog/2009/08/Notifying-users-about-third-party-add-ons
This work should appear in Firefox 3.7. (I haven’t yet asked why not the next version, but i’m sure there’s good reasons, timetables being what they are.)

3 Reader Comments

Trackback URL | Comments RSS Feed

  1. http://openid.yubico.com/server.php/idpage?user=hlhlltddrlhc says:

    I think https://bugzilla.mozilla.org/show_bug.cgi?id=476430 covers it.

  2. Anonymous says:

    Dave Townsend had a status report about that a couple of months ago
    http://www.oxymoronical.com/blog/2009/08/Notifying-users-about-third-party-add-ons

  3. skaɪp says:

    The Skype installer does have an option to turn on/off installing that.

Top