AMO has access to installed extensions with window.navigator.AddonManager in ESR 52

https://bugzilla.mozilla.org/show_bug.cgi?id=1255039 and dependent bugs implemented a way in which addons.mozilla.org is able to gather data about extensions the user has installed (and be it just a "yes/no"). We don't want this.

added GeorgKoppen201705 TorBrowserTeam201705R component::applications/tor browser ff52-esr owner::gk priority::medium resolution::fixed severity::normal sponsor::4 status::closed tbb-7.0-must type::defect labels

If we don't trust AMO, we should also remove it from exceptions of "Warn me when sites try to install add-ons".

Remmove remaining tickets over to April

Trac:
Keywords: TorBrowserTeam201703 deleted, TorBrowserTeam201704 added

Moving our tickets to May 2017.

Trac:
Keywords: TorBrowserTeam201704 deleted, TorBrowserTeam201705 added

Trac:
Keywords: ttb-7.0-must deleted, tbb-7.0-must added

Trac:
Cc: N/A to tbb-team
Keywords: N/A deleted, GeorgKoppen201705 added
Status: new to assigned
Owner: tbb-team to gk

bug_21684 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_21684&id=b2f8585b66dc2856463950c7239015585a8481e3) has a patch for review.

FWIW: I pondered quite a while whether we should disable this API for both chrome and content but finally opted for doing so just for the latter. There might be breakage involved (especially in the longer run) by not allowing Firefox internals to use it. However, I am not sold to this. Thus, if there are good arguments for kicking window.navigator.AddonManager fully out let me know and we can reconsider it.

Trac:
Status: assigned to needs_review
Keywords: TorBrowserTeam201705 deleted, TorBrowserTeam201705R added

r=mcs Looks good to me, and the approach seems sound as well. My only nit is that in the commit message you should s/Priviledged/Privileged/ (remove the extra 'd').

Thanks. Fixed and applied to tor-browser-52.1.1esr-7.0-1 and tor-browser-52.1.0esr-7.0-2 (commit 9de9d5a74472423e5a7e5754f5d93b2d89103dfe and e5da14c4ae6e3917928b3004bca7bd49e972089e).

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

closed

moved to tpo/applications/tor-browser#21684 (closed)