Extension Blocklisting: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
Line 6: Line 6:


Tracked by: [https://bugzilla.mozilla.org/show_bug.cgi?id=318338 bug 318338]
Tracked by: [https://bugzilla.mozilla.org/show_bug.cgi?id=318338 bug 318338]
*''this bug is used to track status, target, owner and various deliverables''


= Goals & Objectives =
= Goals & Objectives =

Revision as of 18:56, 2 March 2006

Please comment in the Talk page (use the Discussion tab above)

Firefox runs both extensions and plugins at elevated privilege, opening users up to attack vectors left open either intentionally (a malicious extension/plugin which may have been installed by some trickery) or unintentionally.

Once an exploit is known to the community, it should be our responsibility to take measures to protect our installed users from these attack vectors. To do so, a "blacklist" will be kept which will be an always up-to-date list of plugin and extension versions that have been found to be vulnerable to attack. A local copy of this list will be updated using the Software Update mechanism. If an installed plugin or extension matches this list, it will be disabled and the user will be informed.

Tracked by: bug 318338

Goals & Objectives

Planned Milestones

xxxx/xx/xx TBD
xxxx/xx/xx TBD

Overview

Background

Use Cases

Functional Requirements

Plans & Design Documents

API Changes Required

Impact

The current design impacts the following areas of development


Extensions

Localization

Update

See Also

Discussion & Implications

Caveats / What We've Tried Before

Security Implications

Privacy Considerations

Retrieved from "https://wiki.mozilla.org/index.php?title=Extension_Blocklisting&oldid=18079"