Dirk wrote: > a website tries to install the following software > http://www2.flingstone.com/cab/sbc_netscape.xpi > if you d/l the xpi and expand the zip file your anti virus program will > alert you with something like... "keylog-briss" Trojan horse detected
We've noticed attempts like this recently and are taking steps to address it. As a first stop-gap, sites are no longer be able to launch installs during page load (easy to work around, but a quick band-aid to specific abuses we've seen). This is already in recent nightlies of Firefox and Mozilla. Second, at the cost of greatly reducing the usefulness of XPInstall, we're restricting its use to whitelisted sites or else people can explicitly download the file and then launch it (as they can do with an .exe install). > You can turn the software installation off on Mozilla but not in the > FireFox preferences. you can turn it off manually through about:config, and I believe UI is being added as part of the new "Extension Manager" interface going into 0.9 > I think most people believe they have no virus problems with > Mozilla/FireFox but that's not true... This still requires the user to agree to install something on their machine so it's not exactly a virus or worm, but probably too many people could fooled into installing it. That's why we're changing things. -Dan Veditz _______________________________________________ Mozilla-xpinstall mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-xpinstall
