Ubuntu
unity-firefox-extension package

one-click installation of software is a security risk

Bug #1469548 reported by taka k.
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
unity-firefox-extension (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

since upgrading to ubuntu 14.04 LTS release i have noticed that, in firefox (38.0+build3-0ubuntu0.14.04.1), i am offered to install software for sites i visit, including launchpad and facebook (messenger). this software can be installed with one click and without any user authentication. this seems like a huge security risk to me. what's more, after installing the software, if i want to remove it i am required to enter my password. this process makes no sense to me and there should be at least a password required to install the software in the first place.

Chris Coulson (chrisccoulson)
affects: firefox (Ubuntu) → unity-firefox-extension (Ubuntu)
Revision history for this message
Tyler Hicks (tyhicks) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity-firefox-extension (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.