I didn't say it never happens. I said it is not nearly the problem that you or Mozilla would have us believe.
But that is irrelevant, because, as I already pointed out, it has been proven that enforced signing *will not protect anyone* - all it does is provide a *false* security blanket. I have no problem with making enforced signing the default. I just want the ability to disable it without having to resort to running an unbranded version. On 2/2/2016 10:56 AM, Wolf, Daniel <da.w...@neopost.com> wrote: > You don't get infected with an add-in. Your user runs malware that installs > it. > Companies with whitelisting will obviously not have this problem. Nor is > there a central way to get a listing of add-ins, you would only know if you > looked in Firefox on every machine. > > AdwCleaner, a tool designed to remove browser hijacking, has been downloaded > over 38 million times. http://www.bleepingcomputer.com/download/adwcleaner/ > > Here are blog posts about malicious add-ins from just the last few months > https://blog.malwarebytes.org/security-threat/2016/01/yontoo-pups-with-two-faces/ > https://blog.malwarebytes.org/security-threat/2015/11/framefox-nominated-for-the-most-aggressive-eula/ > https://blog.malwarebytes.org/security-threat/2015/11/dynamicpricer-pup-disables-browser-updates/ > > > This is a major issue that users deal with. If you don't believe me, you're > welcome to ask Mozilla, who are the developers of Firefox. > > Daniel Wolf > > -----Original Message----- > From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Timo > Pietilä > Sent: Tuesday, February 2, 2016 12:04 AM > To: enterprise@mozilla.org > Subject: Re: [Mozilla Enterprise] Add-on Signing in ESR > > On 1.2.2016 17:32, Tanstaafl wrote: > >> I have been managing a smallish (50-80 over the years) install base of >> both Firefox and Thunderbird since before Firefox 1.0 was released, >> and *not once* have I encountered a user who got infected with a >> malicious Addon. > > I got a bit larger user base: I distribute FF and TB for University with > about 50k students and around 7000 staff and have been working here for about > 15 years now. Not one case of malicious add-on at that time. > > Timo Pietilä _______________________________________________ Enterprise mailing list Enterprise@mozilla.org https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org with a subject of "unsubscribe"
