|
|
| Line 1: |
Line 1: |
| What if a poison-XPI vendor just cycles the GUID with each served XPI? Spammers don't care for rules or standards and it only needs to be installed once.
| |
| :[[User:Kroc|Kroc]] 01:42, 15 Feb 2006 (PST)
| |
|
| |
|
| Extension Manager blacklisting isn't a magic pill for all possible problems though it does solve the problem with a malicious XPI if the ID isn't changed. It also solves the problem for extensions that have an ID that doesn't change and have security vulnerabilities, memory leaks that harm the user experience, break the app (especially extensions that have a <tt>targetApplication</tt> <tt>maxVersion</tt> that is in the future), and other cases as well. You may be interested in [https://bugzilla.mozilla.org/show_bug.cgi?id=250854 Bug 250854] which can prevent installation from a site that is in a blacklist though this obviously is also not a complete solution to the potential problem that you brought up. User education to not install extensions from sources they are unfamiliar with also goes a long way to solving the problem you brought up.
| |
| :[[User:Robert Strong|Robert Strong]] 21:52, 15 Feb 2006 (PST)
| |