Um, I’m one of those users. Please keep in mind that us users don’t know that the countdown is a “fix”, and don’t read Mozilla bug reports (especially when there are more than 100,000 of them). The most reasonable explanation for why a dialog has a countdown is that the author of the dialog wants to harass you into paying money to make the delay go away, or force you to read something you would skip.

A line of text explaining why the countdown would go a long way. “Counting down to prevent double-click security threat” would have done it. Plus, it would give me something to read during the delay. :-)

Frankly, I think one-click software install is almost impossible to lock-down from a security standpoint. If there’s a user-entered name of the package, just name it whatever action you want the user to take. “Click yes to install free porn utility.xpi” The Flash plug-in does this. “You must install this free software to correctly view the page (Flash)” is the gist of the message.

Suggestions like “make the security window not take focus” break the consistency of the window manager and in my opinion are not acceptable. If you think people have trouble figuring out why there’s a countdown in the security dialog, try to get them to explain to you why the window doesn’t take focus.

The double-click issue is interesting because many people double-click on links to follow them, rather than single click. This is, of course, due to inconsistency between the file manager “open folder/file” double-click and the web browser “open page” single-click. And it ain’t gonna change any time soon, I suspect.

James

However, on the linked bug, when I try the demo in Firefox, I don’t get a window that accepts a “y” but instead just says that a script was denied permissions with an Ok button.