1125891 - Enable the no-admin sandbox for Flash

Status: RESOLVED WONTFIX

(Core Graveyard :: Plug-ins, defect)

Description

[Benjamin Smedberg]

Bug 1123245 landed code to support a no-admin-rights sandbox around plugins, but didn't change any prefs to turn it on by default. We want to enable this by default for Flash.

Comment 1

[Benjamin Smedberg]

Attachment: bug1125891.patch

Comment 2

[Benjamin Smedberg]

https://hg.mozilla.org/integration/mozilla-inbound/rev/88534cb4094a

Comment 3

[Benjamin Smedberg]

Comment on attachment 8554639 [details] [diff] [review]
bug1125891.patch

Approval Request Comment
[Feature/regressing bug #]: Mitigation when disabling Flash protected mode, bug 1119941
[User impact if declined]: This mitigates Flash security exploits
[Describe test coverage new/current, TreeHerder]: Manual testing is done, but we need nightly/aurora testers to bang on this quickly so that we can consider landing this into beta on Thursday
[Risks and why]: This could possibly break some Flash functionality. We don't think that is likely, but there are many unknowns.
[String/UUID change made/needed]: None

Comment 4

[Lawrence Mandel [:lmandel] (use needinfo)]

Comment on attachment 8554639 [details] [diff] [review]
bug1125891.patch

As this hasn't yet baked with any audience, we don't have a lot of data on the expected fallout. However, from speaking with bsmedberg on irc "My understanding is that Flash should continue to work, and the risk is mainly with unusual Flash APIs or features, not normal web browsing." This category of issue is most likely going to be found with more eyes on the problem. We also have the ability to push a subsequent update to disable the feature if it breaks Firefox w/ Flash usage in some very bad way. Let's push this to Aurora to test and monitor closely for breakage. Aurora+

cc User Advocacy to monitor for feedback.

Comment 5

[Lawrence Mandel [:lmandel] (use needinfo)]

Marking 36-38 as affected as we don't know exactly where we're going to take this change yet.

Comment 6

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/88534cb4094a

Comment 7

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/a8f82447f9ad

Comment 8

[[:Cww]]

Just a FYI, with the Flash blocking going on right now, we're not going to be able to discern anything about issues with Flash in Input.

Comment 9

[[SV Manager] Florin Mezei, QA (:FlorinMezei)]

Any focused manual testing needed for this? If yes, what should the testing efforts be focused on (e.g. testing of any specific flash sites, testing on specific OS, testing with enabled/disabled Flash Protected mode...)?

Comment 10

[Benjamin Smedberg]

The risk here is unknown; we have at least one bug already filed, bug 1126570. We should definitely follow up on cases like that, as well as any other known Flash sites that have caused problems in the past. Otherwise, the primary QA we need here is to carefully watch and triage incoming Flash-related bugs and escalate them quickly.

Comment 11

[Benjamin Smedberg]

Comment on attachment 8554639 [details] [diff] [review]
bug1125891.patch

We've decided to deploy this along with bug 1119941 in beta5.

Comment 12

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-beta/rev/6dbb4d7aa57d

Comment 13

[Benjamin Smedberg]

Disabled for 36b9.

Comment 14

[Benjamin Smedberg]

To close the bugzilla loops, we disabled this on all channels in bug 1120993.