Dear Mozilla…

I have a question.. not sure exactly where to direct this question at such a late hour on a friday night, i’ll just type it out here… After being sick for a couple of days I’ve read that appearantly there’s a vulnerability in the .Net framework extension that Microsoft shipped.. they recommend disabiling it, et all.. which is good.. I also have seen the bug where you guys have responded quickly to block the extension and the plugin to prevent damage.. Bug 522777 Thanks for the quick response.
My question, is, what are you guys going to do to prevent extensions from being installed without user consent by 3rd party software, whether its a windows update or something like skype, neither of which inform users that they’re going to install… *before* they’re allowed in? Responding after the fact is great, don’t get me wrong. The side-effects of the current situation range appearantly from critical like this exploit, to annoying, like sharing a machine and ending up with the paypal extension because one of the other users needed it. I’ve seen blog posts mentoning improving notifications, but i’m confused which of the several versions of in-development Firefox this applies to, and if it actually prevents the installation completely or not? I don’t mind reading, just point me to a clear bug or wiki or even blog post where its clearly tracked..
Comments here are fine, that way anybody else who is confused gets the answer to.. 🙂
Thanks,
— Wolf
Update (10/17/2009): Mossop was kind enough (thanks!) to direct me to…
https://wiki.mozilla.org/Firefox/Projects/System_Extension_Notification
and
http://www.oxymoronical.com/blog/2009/08/Notifying-users-about-third-party-add-ons
This work should appear in Firefox 3.7. (I haven’t yet asked why not the next version, but i’m sure there’s good reasons, timetables being what they are.)