Closed Bug 1217236 Opened 4 years ago Closed 4 years ago

Tracking protection: Resources on blocklist not blocked when accessed via Flash movies

Categories

(Toolkit :: Safe Browsing, defect)

42 Branch

Tracking

VERIFIED FIXED
mozilla45
Tracking Status
firefox45 --- verified

People

(Reporter: mwobensmith, Assigned: francois)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

A SWF that loads a resource that is on our Tracking Protection blocklist is currently able to do so. This is wrong. This issue may affect the NPAPI in general.

Note:
Please contact me for bug files. Reproducing this requires a custom blocklist, an emulated local shavar server and a custom Flash movie. I'm happy to stage something when we get around to looking at it.
Attached patch bug1217236.patch
Attachment #8696304 - Flags: review?(gpascutto)
Status: NEW → ASSIGNED
Attachment #8696304 - Flags: review?(gpascutto) → review+
https://hg.mozilla.org/mozilla-central/rev/deda2ab53734
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
Looks to be fixed in latest Nightly 45, but the shield icon does not appear, despite having a blocked resource. Are we tracking that in another bug, or should I file a new one?
Flags: needinfo?(francois)
You're right, it also looks like the devtool console message isn't there. This needs a new bug.
Flags: needinfo?(francois)
Marking verified, and filed new bug 1232487 to track the lack of shield icon and console message.
Status: RESOLVED → VERIFIED
Blocks: 1029886
No longer blocks: 1149867
Blocks: 1207775