Tracking protection: Resources on blocklist not blocked when accessed via Flash movies

VERIFIED FIXED in Firefox 45

Status

()

Toolkit
Safe Browsing
VERIFIED FIXED
2 years ago
2 years ago

People

(Reporter: mwobensmith, Assigned: francois)

Tracking

(Blocks: 1 bug)

42 Branch
mozilla45
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox45 verified)

Details

Attachments

(1 attachment)

A SWF that loads a resource that is on our Tracking Protection blocklist is currently able to do so. This is wrong. This issue may affect the NPAPI in general.

Note:
Please contact me for bug files. Reproducing this requires a custom blocklist, an emulated local shavar server and a custom Flash movie. I'm happy to stage something when we get around to looking at it.
Created attachment 8696304 [details] [diff] [review]
bug1217236.patch
Attachment #8696304 - Flags: review?(gpascutto)
Status: NEW → ASSIGNED
Attachment #8696304 - Flags: review?(gpascutto) → review+

Comment 4

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/deda2ab53734
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox45: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
Looks to be fixed in latest Nightly 45, but the shield icon does not appear, despite having a blocked resource. Are we tracking that in another bug, or should I file a new one?
Flags: needinfo?(francois)
You're right, it also looks like the devtool console message isn't there. This needs a new bug.
Flags: needinfo?(francois)
(Reporter)

Updated

2 years ago
Blocks: 1232487
Marking verified, and filed new bug 1232487 to track the lack of shield icon and console message.
(Reporter)

Updated

2 years ago
Status: RESOLVED → VERIFIED
status-firefox45: fixed → verified
Blocks: 1029886
No longer blocks: 1149867
You need to log in before you can comment on or make changes to this bug.