Confirmed users
1,041
edits
Extension Blocklisting: Difference between revisions
Jump to navigation
Jump to search
m
no edit summary
mNo edit summary |
|||
| Line 1: | Line 1: | ||
''Please comment in the Talk page (use the Discussion tab above)'' | ''Please comment in the Talk page (use the Discussion tab above)'' | ||
Tracked by: [https://bugzilla.mozilla.org/show_bug.cgi?id=318338 bug 318338] | Tracked by: [https://bugzilla.mozilla.org/show_bug.cgi?id=318338 bug 318338] | ||
| Line 34: | Line 30: | ||
= Overview = | = Overview = | ||
Firefox runs both extensions and plugins at elevated privilege, opening users up to attack vectors left open either intentionally (a malicious extension/plugin which may have been installed by some trickery) or unintentionally. | |||
Once an exploit is known to the community, it should be our responsibility to take measures to protect our installed users from these attack vectors. To do so, a "blacklist" will be kept which will be an always up-to-date list of plugin and extension versions that have been found to be vulnerable to attack. A local copy of this list will be updated using the Software Update mechanism. If an installed plugin or extension matches this list, it will be disabled and the user will be informed. | |||
== Background == | == Background == | ||