[ubuntu-uk] Ubuntu (linux) vulnerabilty?? Comment please
Chris Jones
chris.jones at canonical.com
Thu Jun 21 11:36:15 BST 2007
Hi
Scrase, Eddie wrote:
> Firefox should only install an extension without warning if the site is on
> it's trusted list, which defaults to just mozilla.org. Obviously this
> assumes that the attackers haven't hacked into Mozilla's site...
Firefox will only install an extension from a trusted site. Period. It
will also always display a dialog which requests confirmation from the
user to install the extension and the "Install" button will always be
inactive for about 5 seconds.
Clicking on an XPI link from an untrusted site will produce an error
telling the user that the operation was blocked. They can then add the
site as trusted in order to continue (although of course they can save
the XPI locally and install it from there).
It should *never* *ever* *ever* install an extension without a warning.
Cheers,
--
Chris Jones
cmsj at canonical.com
www.canonical.com
More information about the ubuntu-uk
mailing list