Hi Scrase, Eddie wrote: > Firefox should only install an extension without warning if the site is on > it's trusted list, which defaults to just mozilla.org. Obviously this > assumes that the attackers haven't hacked into Mozilla's site...
Firefox will only install an extension from a trusted site. Period. It will also always display a dialog which requests confirmation from the user to install the extension and the "Install" button will always be inactive for about 5 seconds. Clicking on an XPI link from an untrusted site will produce an error telling the user that the operation was blocked. They can then add the site as trusted in order to continue (although of course they can save the XPI locally and install it from there). It should *never* *ever* *ever* install an extension without a warning. Cheers, -- Chris Jones [EMAIL PROTECTED] www.canonical.com -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
