Web lists-archives.com

Re: ping Walt, bug about add-on verification override




Caver1 wrote:
> WaltS48 wrote:
>> Caver1 wrote:
>>> WaltS48 wrote:
>>>> Caver1 wrote:
>>>>> »Q« wrote:
>>>>>> FYI.  Walt, in m.s.f you recently talked about filing a bug about the
>>>>>> fact that Fx can be configured not to verify add-ons.  I did file a bug
>>>>>> on it, which was eventually marked a dupe of a hidden bug.  That one's
>>>>>> been unhidden now,
>>>>>> <https://bugzilla.mozilla.org/show_bug.cgi?id=1292444>.  I won't try to
>>>>>> summarize -- I think to get a grip on the problem and what they might
>>>>>> do about it, you gotta read it through and chase the links to other
>>>>>> bugs, especially paying attention to Kaply's comments.
>>>>>
>>>>> Why is that a bug?
>>>>
>>>> Disabling security, as indicated by the RESOLVED:DUPLICATE status of Q's
>>>> bug as a duplicate of the previously hidden ACCESS DENIED bug 1292444.
>>>>
>>>> Any bug a user sees as ACCESS DENIED is a security vulnerability.
>>>
>>> In the Eyes of the beholder. It's up to the user. I have been using said
>>> extensions for years with no security problems. If I want/need to use
>>> them then I have the choice to do so which harms no one.
>>
>> Bullshit.
> 
> Why do you say Bullshit? Not a very convincing argument.

+1
It's not an argument at all, just a personal opinion.
Basically being able to visit just any site with FF is a potential
security vulnerability. As long as FF/Mozilla doesn't control which
sites you are allowed (!) to visit, there's no difference with being
able to *explicitly and knowingly* override a browser feature.

-p

_______________________________________________
general mailing list
general@xxxxxxxxxxxxxxxxx
https://lists.mozilla.org/listinfo/general