Robert Mohr wrote:
> mrhappy wrote:
>
>> It would be really good if there was a default setting of silent ignore for xpi's
>
> It's not the default and never will be, but you can set
> 'xpinstall.enabled' to false in about:config.

It is not now the default, but never say never--we may very well be changing it. More likely we'll add per-site permissions (probably defaulting to off for unset sites) and leave the global switch "on". Figuring out an appropriate UI and security model is tough.

When sites offered .exe downloads we used to force people to explicitly save them and launch them using the OS. This was to discourage stu^H^H^Hinexperienced people from running any malware they ran across, with a barrier easily overcome by anyone who knew what they were doing. Plus launching the thing from the OS window was a CYA step, the browser clearly didn't infect the computer, the user explicitly ran something using the same OS UI used to run other programs. Surely they'd understand what running a program meant, right?

That was "too hard" for people (sites had to have special "Netscape" instructions), so we added a "show location" button to the download button that brought up an OS window to let them launch the file. Later still we were browbeat by ease-of-use comparisons to IE so we let people launch them directly from the download screen, albeit with a modal "Are you sure" dialog interposed.

History lesson by way of saying maybe we won't change things after all, people might complain too much that we've made things "too hard".

-Dan Veditz

_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
