A SWF that loads a resource that is on our Tracking Protection blocklist is currently able to do so. This is wrong. This issue may affect the NPAPI in general. Note: Please contact me for bug files. Reproducing this requires a custom blocklist, an emulated local shavar server and a custom Flash movie. I'm happy to stage something when we get around to looking at it.
This SWF loads the blocked URL "http://www.adjuggler.com/images/logo-ad-juggler.png": http://people.mozilla.org/~mwobensmith/tracking_protection/flash.html
Created attachment 8696304 [details] [diff] [review] bug1217236.patch
Attachment #8696304 - Flags: review?(gpascutto)
Status: NEW → ASSIGNED
Attachment #8696304 - Flags: review?(gpascutto) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox45: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
Looks to be fixed in latest Nightly 45, but the shield icon does not appear, despite having a blocked resource. Are we tracking that in another bug, or should I file a new one?
You're right, it also looks like the devtool console message isn't there. This needs a new bug.
Marking verified, and filed new bug 1232487 to track the lack of shield icon and console message.
Status: RESOLVED → VERIFIED
status-firefox45: fixed → verified
You need to log in before you can comment on or make changes to this bug.