On 2014-03-21 1:07 PM, Gavin Sharp wrote:
> On Fri, Mar 21, 2014 at 7:40 AM, Irving Reid <irv...@mozilla.com> wrote:
>> extensions.blocklist.pingCountVersion (146 times out of ~1.5 million Nightly
>> telemetry sessions) and extensions.shownSelectionUI (8 times in 1.5m)
>>
>> The prefs in question aren't likely targets for malware, though they could
>> be collateral damage. They don't have default values in all.js.
>
> Doesn't corrupting them allow you to prevent the blocklist from
> working, and prevent the "choose which extensions to install"
> dialog from appearing on startup? Those sound like things malware
> would want to do.
>
> Gavin

extensions.shownSelectionUI was introduced in bug 596343 to provide a run-once UI for users upgrading to Firefox 4, so that users could choose to disable third-party add-ons that had been silently installed in earlier versions of Firefox. The effect of corrupting this pref is that the user will see the selection UI every time their Fx version changes, instead of the compatibility update UI.

You're right about extensions.blocklist.pingCountVersion, though. An invalid value will cause us to throw out of nsBlocklistService.notify() around http://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/nsBlocklistService.js#525 before we send the blocklist XHR request, so a profile with this pref broken won't update its blocklist.

This method is called directly by nsUpdateTimerManager; the exception is caught there and logged to the error console for nobody to notice.

 - irving -

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
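
The failure mode described in the message above (a corrupt counter pref throws before the blocklist request is sent, and the timer caller swallows the exception), shown next to a version that resets the pref and still fetches. This is an added example, not code from the thread or from Firefox: `PrefStore`, `notifyFragile`, `notifyHardened`, `runTimer` and the default of `0` are assumptions made for illustration.

```javascript
// Constructed stand-in for a typed pref store: reading a pref whose stored
// type does not match the getter throws. Not Firefox code.
class PrefStore {
  constructor(values) { this.values = new Map(Object.entries(values)); }
  getInt(name) {
    const v = this.values.get(name);
    if (!Number.isInteger(v)) throw new TypeError(`pref ${name} is not an integer`);
    return v;
  }
  setInt(name, v) { this.values.set(name, v); }
}
const PING_PREF = "extensions.blocklist.pingCountVersion";

// Fragile shape: the bookkeeping read sits in front of the fetch, so a
// corrupt counter aborts the whole update.
function notifyFragile(prefs, fetchBlocklist) {
  const pingCount = prefs.getInt(PING_PREF); // throws on a corrupt value
  fetchBlocklist(pingCount);
  return "fetched";
}

// Hardened shape: a bad counter is reset and reported, and the fetch still runs.
function notifyHardened(prefs, fetchBlocklist, report) {
  let pingCount;
  try {
    pingCount = prefs.getInt(PING_PREF);
  } catch (e) {
    report(`resetting ${PING_PREF}: ${e.message}`);
    pingCount = 0; // assumed default for this example
    prefs.setInt(PING_PREF, pingCount);
  }
  fetchBlocklist(pingCount);
  return "fetched";
}

// Timer-manager stand-in: catches and logs the exception, as the message describes.
function runTimer(callback, log) {
  try { return callback(); } catch (e) { log.push(String(e)); return "skipped"; }
}

function demo() {
  const corrupt = () => new PrefStore({ [PING_PREF]: "garbage" }); // constructed input
  const log = [], reports = [], fetches = [];
  const fetch = (n) => fetches.push(n);
  const fragile = runTimer(() => notifyFragile(corrupt(), fetch), log);
  const hardened = runTimer(() => notifyHardened(corrupt(), fetch, (m) => reports.push(m)), log);
  return { fragile, hardened, fetches, logged: log.length, reports: reports.length };
}
```
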
