Closed Bug 1217236 Opened 9 years ago Closed 9 years ago

Tracking protection: Resources on blocklist not blocked when accessed via Flash movies

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Version:
42 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla45
Tracking Flags:
Tracking Status
firefox45 --- verified

People

(Reporter: mwobensmith, Assigned: francois)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

bug1217236.patch
1.19 KB, patch
gcp
: review+
Details | Diff | Splinter Review
A SWF that loads a resource that is on our Tracking Protection blocklist is currently able to do so. This is wrong. This issue may affect the NPAPI in general. Note: Please contact me for bug files. Reproducing this requires a custom blocklist, an emulated local shavar server and a custom Flash movie. I'm happy to stage something when we get around to looking at it.
Attached patch bug1217236.patchSplinter Review
Attachment #8696304 - Flags: review?(gpascutto)
Status: NEW → ASSIGNED
Attachment #8696304 - Flags: review?(gpascutto) → review+
https://hg.mozilla.org/mozilla-central/rev/deda2ab53734
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox45: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
Looks to be fixed in latest Nightly 45, but the shield icon does not appear, despite having a blocked resource. Are we tracking that in another bug, or should I file a new one?
Flags: needinfo?(francois)
You're right, it also looks like the devtool console message isn't there. This needs a new bug.
Flags: needinfo?(francois)
Marking verified, and filed new bug 1232487 to track the lack of shield icon and console message.
Status: RESOLVED → VERIFIED
status-firefox45: fixedverified
Blocks: 1029886
No longer blocks: 1149867
Blocks: 1207775
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: