Closed Bug 704158 Opened 13 years ago Closed 11 years ago

[adbe 3051400] Consider blocking Flash 10.0.x

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox9 + ---
firefox10 - ---

People

(Reporter: kairo, Assigned: kev)

References

Details

We continue to have tons of Flash crash reports with 10.0.x versions, we should consider blocking those for all Firefox versions.

I'm filing this in the Flash component first as we need to coordinate with Adobe and reach a decision on this first before we can go to possibly implement this.
it would make sense to block...  we are tracking the request in #3051400.  it is under review.
Status: NEW → ASSIGNED
Summary: Consider blocking Flash 10.0.x → [adbe 3051400] Consider blocking Flash 10.0.x
the consensus is that it makes sense, but our program manager would like to discuss details.  we would like to set up a call.  who should i include in the discussion?  thanks.
(In reply to smadayag from comment #2)
> the consensus is that it makes sense, but our program manager would like to
> discuss details.  we would like to set up a call.  who should i include in
> the discussion?  thanks.

Hey, 

best person to include is the Mozilla TAM Kev Needham kev@mozilla.com (also i guess has already some contacts at adobe). I have cc'd Kev also to this Bug.

Cheers,

- Tomcat
(In reply to smadayag from comment #2)
> the consensus is that it makes sense, but our program manager would like to
> discuss details.  we would like to set up a call.  who should i include in
> the discussion?  thanks.

Have them pop an email, and I'll set up a call. We've talked about it w/Emmy in the past, as well, and I can go over how we're currently set up.
yes, emmy brought that up and wanted Noopur Bakshi to follow up.  her email is nbakshi@adobe.com.  thanks!
see also bug 526019 on blocking flash (and dupes bug 436348 and bug 571295). Also QA/testing bug 571038.
Depends on: 526019
Does this bug require a patch or is it something that we can do server-side? If this requires a patch and we think it's low-risk enough to get into FF9, we'd need consensus today and a patch for beta tomorrow at the latest.
tracking-firefox10: --- → +
tracking-firefox9: --- → +
(In reply to Alex Keybl [:akeybl] from comment #7)
> Does this bug require a patch or is it something that we can do server-side?

Blocking plug-ins should be possible with the server-side blocklist.
Assignee: nobody → kev
Our blocklist UI is so awful I hate using it. :(
Do we have a crash analysis that we can point at so we get a more concrete idea of what the flash crash impact looks like? Need this to get a better idea of impact.

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #0)
> We continue to have tons of Flash crash reports with 10.0.x versions, we
> should consider blocking those for all Firefox versions.
> 
> I'm filing this in the Flash component first as we need to coordinate with
> Adobe and reach a decision on this first before we can go to possibly
> implement this.
(In reply to Kev [:kev] Needham from comment #10)
> Do we have a crash analysis that we can point at so we get a more concrete
> idea of what the flash crash impact looks like? Need this to get a better
> idea of impact.

Here's a report I run that shows a rather typical picture:
https://crash-analysis.mozilla.com/rkaiser/2011-12-08/2011-12-08.firefox.8.0.flashhangs.html

The report is comparing the percentages of all hangs we are seeing where we have a Flash version to all crashes we are seeing that have Flash versions listed. It's typical that the more current versions (10.3 and higher, i.e. those being in operation the most for heavy Flash video and game usage) are seeing higher percentages in hangs than crashes, the older versions (10.2 and below) are not too far apart in those numbers - with the exception on 10.0 versions. Those are seeing a very high percentage of our Flash crashes as the report shows, and that's the reason we came up with the idea of blocking those versions.

(As a remark, I have no real idea what the "10.4-10.5" or "10.6" version numbers mean, my best guess is that we get those for some Mac Flash versions.)
As long as Firefox 3.6.* is still supported, Adobe Flash 10.<latest version> shouldn't be blocked as Adobe offers 10.<latest version> if you visit the Flash download page with Firefox 3.6.*

Download page: http://get.adobe.com/flashplayer/
Firefox 3.6.24: Flash 10.3.183.11
Firefox 9.0b5: 11.1.102.55
(In reply to Archaeopteryx [:aryx] from comment #12)
> As long as Firefox 3.6.* is still supported, Adobe Flash 10.<latest version>
> shouldn't be blocked

We're _only_ talking 10.0.x here, not anything later, esp. not 10.3.x, so this comment is not really relevant.
It's too late to do this for FF10. Untracking.
tracking-firefox10: +-
(In reply to Alex Keybl [:akeybl] from comment #14)
> It's too late to do this for FF10. Untracking.

Well, I don't think it's ever really too late as this would not be a code-side thing but an AMO blocklist thing.

That said, we really should see to get some progress here. kev?
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #15)
> (In reply to Alex Keybl [:akeybl] from comment #14)
> > It's too late to do this for FF10. Untracking.
> 
> Well, I don't think it's ever really too late as this would not be a
> code-side thing but an AMO blocklist thing.

Ah you're right - but I see this as just another good reason not to track for FF10's release :)
Why this hasn't happened yet?

If only to protect web user from some of the vulnerabilities listed at http://www.adobe.com/support/security/#flashplayer this should be done.

I try to steer everyone I know to http://www.mozilla.com/plugincheck/ but it would be more practical if Firefox warned them "automagically".
Component: Flash (Adobe) → Blocklisting
Product: Plugins → addons.mozilla.org
QA Contact: adobe-flash → blocklisting
According to https://blog.mozilla.org/addons/2013/01/29/flash-10-2-lower-now-click-to-play/ this should basically be fixed now? Fixed by Bug 832038. Though I wonder why the Windows Infobar (https://wiki.mozilla.org/Blocklisting/PluginBlocks) only goes from FF 4.0 to 16.* and not up to including 17.* (like on OS X).
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Depends on: 832038
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.