Firefox/Projects/Extension Manager API/Security Overview

From MozillaWiki

Auto updates

  • Concerns about paranoid users
  • Maybe think about using the whitelist
  • No distinction between update types

Manager in a tab

  • Issues with about: URLs being potentially attackable by webpages.
  • Shouldn't look like content
  • Make sure that privileged things it does cannot be spoofed by webpages

Enhanced metadata

  • Data could still come from a compromised source so be sure to use the data safely

Downloading before offering to install

  • Worries over size and waiting
  • Need some kind of downloading indication and a way to cancel while it is going

Streamlined install experience

  • Worries over giving ourselves special powers to install without any confirmation
  • No way to see the signature
  • Ensure installs through the API require a hash
  • Concerns over how XSS flaws on AMO
  • Signing trusted XPIs might be a mitigation
  • Maybe ping back to AMO to verify that the add-on given is the one expected
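
One way to enforce the "installs through the API require a hash" point above, as an added example that is not Firefox or AMO code. The request shape, the `algorithm:hex` hash format and the allowed-algorithm policy are assumptions made for illustration.

```javascript
// Added example (Node.js). Function names, the request object and the
// "algorithm:hex" hash format are assumptions, not the Extension Manager API.
const crypto = require("node:crypto");

// Assumed policy: accepted digest algorithms and their hex digest lengths.
const ALLOWED = new Map([["sha256", 64], ["sha512", 128]]);

// Parse "sha256:<hex>" into { algorithm, digest }. Throws when the hash is
// missing, uses an algorithm outside the policy, or is not well-formed hex.
function parseHash(spec) {
  if (typeof spec !== "string" || spec === "") {
    throw new Error("install request has no hash");
  }
  const sep = spec.indexOf(":");
  const algorithm = sep > 0 ? spec.slice(0, sep).toLowerCase() : "";
  const hex = spec.slice(sep + 1).toLowerCase();
  if (!ALLOWED.has(algorithm)) {
    throw new Error("unsupported hash algorithm");
  }
  if (hex.length !== ALLOWED.get(algorithm) || !/^[0-9a-f]+$/.test(hex)) {
    throw new Error("malformed hash digest");
  }
  return { algorithm, digest: Buffer.from(hex, "hex") };
}

// Returns true only when the downloaded bytes match the hash supplied with
// the install request. A request without a usable hash is rejected outright
// rather than treated as "nothing to check".
function verifyDownload(request, fileBytes) {
  const { algorithm, digest } = parseHash(request.hash);
  const actual = crypto.createHash(algorithm).update(fileBytes).digest();
  // Lengths are equal here because parseHash enforced the digest size.
  return crypto.timingSafeEqual(actual, digest);
}

// Constructed sample: stand-in bytes for a downloaded XPI and its hash.
const sampleXpi = Buffer.from("constructed sample add-on payload");
const sampleHash =
  "sha256:" + crypto.createHash("sha256").update(sampleXpi).digest("hex");

console.log(verifyDownload({ hash: sampleHash }, sampleXpi));
console.log(verifyDownload({ hash: sampleHash }, Buffer.from("tampered")));
```

The hash only helps if it reaches the client over a channel the attacker does not control; a hash delivered alongside the file from a compromised source verifies nothing.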

Discovery pane

  • Should be a special page with SSL
  • Verify that it doesn't redirect to another server.
  • Links should open up in new tabs
  • Do we need to know about disabled add-ons?
  • Injecting the information seems ok