
Re: ping Walt, bug about add-on verification override




On 02/09/2017 11:00 AM, Caver1 wrote:
On 02/08/2017 07:52 PM, WaltS48 wrote:
On 02/08/2017 07:41 PM, Caver1 wrote:
On 02/08/2017 05:23 PM, WaltS48 wrote:
On 02/07/2017 07:32 PM, Caver1 wrote:
On 02/07/2017 06:14 PM, »Q« wrote:
FYI. Walt, in m.s.f you recently talked about filing a bug about the
fact that Fx can be configured not to verify add-ons. I did file a bug
on it, which was eventually marked a dupe of a hidden bug. That one's
been unhidden now,
<https://bugzilla.mozilla.org/show_bug.cgi?id=1292444>. I won't try to
summarize -- I think to get a grip on the problem and what they might
do about it, you gotta read it through and chase the links to other
bugs, especially paying attention to Kaply's comments.


Why is that a bug?


Disabling security, as indicated by the RESOLVED:DUPLICATE status of Q's
bug as a duplicate of the previously hidden ACCESS DENIED bug 1292444.

Any bug a user sees as ACCESS DENIED is a security vulnerability.


In the eyes of the beholder. It's up to the user. I have been using said
extensions for years with no security problems. If I want/need to use
them then I have the choice to do so which harms no one.



Bullshit.


Also Firefox is open source.
An open-source software license is a statement that anyone is free to use your source code in whatever way they want.
Open source rights:
     A user can create and distribute copies of the source code;
     A user can obtain a program’s source code;
     A user can modify the source code.
Mozilla open-source licenses:
     Firefox, Thunderbird: triple-licensed MPL/LGPL/GPL

As such your bullshit is bullshit. If I want to add to FF's configuration I can and Mozilla has no right to stop me.


I don't consider adding a file to an already created folder in the installation as modifying the source code.

The source code creates that folder upon installation. No?

Anyway, it is a security vulnerability that circumvents the add-on signing requirement.

Probably won't work when Firefox 57 arrives and those extensions no longer work anyway.

YMMV

--
Visit Pittsburgh <http://www.visitpittsburgh.com/>
Coexist <https://www.coexist.org/>
National Popular Vote <http://www.nationalpopularvote.com/>
Ubuntu 16.04LTS
_______________________________________________
general mailing list
general@xxxxxxxxxxxxxxxxx
https://lists.mozilla.org/listinfo/general