Open Bug 1259043 Opened 8 years ago Updated 2 years ago

Adult Content is allowed in Child Mode when Video DownloadHelper is installed

Categories

(Core :: General, defect)

All
Windows 8.1
defect

Tracking Status
firefox48 --- affected

People

(Reporter: sbadau, Unassigned)

References

(Blocks 1 open bug)

Details

[Note]:
- Issue found on the Nightly try build from:
https://archive.mozilla.org/pub/firefox/try-builds/dkeeler@mozilla.com-68763a0d343f41ad9370f145abacf55068334806/

Mozilla/5.0 (Windows NT 6.3; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID:20160210105908

[Affected versions]:
- Nightly 47.0a1

[Affected platforms]:
- Windows 8.1

[Steps to reproduce]:
1. On Windows 8.1 log in as an ADMIN and create a LOCAL Child Account
2. Install the Nightly try build 
3. Switch to the created CHILD account
4. Launch the installed try build from step 2 and add the preference "security.family_safety.mode"= 2 in about:config
5. Install the Video DownloadHelper add-on from:
https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/?src=hp-dl-mostpopular
6. In the Navigation Bar click on the Supported Sites button (located on the right side of the Video DownloadHelper button)
7. In the newly opened list -> click on any of the sites -> and then click on the Visit site button
8. Confirm that you are 18.

[Expected result]:
The Child should not be allowed to visit Adult Content websites if the parent does not allow it. 

[Actual result]:
The child can visit Adult Content websites.

[Regression range]:
Not a regression.

[Additional notes]:
The generated links can also be opened in IE or Chrome.
> [Additional notes]:
> The generated links can also be opened in IE or Chrome.

Because this affects all the browser vendors, I'm assuming this has something to do with those particular websites not honouring the prefer:safe header. Example of a website that's being blocked that honours the prefer:safe header:

Host: familysafety.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Prefer: safe
Referer: http://www.websitethatyournotoldenoughtosee!!!.com/
Connection: keep-alive
Cache-Control: max-age=0

Simona, could you go through the same test case once again but this time capture the HTTP headers and see if prefer:safe is being used for those particular websites that are being loaded?
Flags: needinfo?(simona.marcu)
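
As an added illustration of what "honouring" the header means on the server side (not part of the original thread, and not any site's real code): `Prefer: safe` is only a request from the browser, so a site has to parse it and change its own response. The function names, the 403 policy and the sample requests below are assumptions constructed for this example.

```javascript
// Added example: all names (preferTokens, wantsSafe, decide) are hypothetical.

// Return the set of lowercase preference tokens in a Prefer header value.
// Node.js joins repeated Prefer fields with ", ", so one string covers both cases.
function preferTokens(value) {
  const tokens = new Set();
  if (typeof value !== "string") return tokens;
  // Blank out quoted strings first so commas inside them do not split items.
  const unquoted = value.replace(/"(?:[^"\\]|\\.)*"/g, '""');
  for (const item of unquoted.split(",")) {
    // Keep only the preference name: drop ";parameters" and "=value".
    const name = item.split(";")[0].split("=")[0].trim().toLowerCase();
    if (name) tokens.add(name);
  }
  return tokens;
}

// headers: object with lowercase keys, as Node's req.headers provides.
function wantsSafe(headers) {
  return preferTokens(headers["prefer"]).has("safe");
}

// Decide how to answer a request for a page the site itself rates as adult.
// Refusing with 403 is this example's policy; a site could instead serve a
// filtered variant. Vary: Prefer keeps caches from mixing the two responses.
function decide(headers, pageIsAdult) {
  const res = { status: 200, headers: { Vary: "Prefer" } };
  if (pageIsAdult && wantsSafe(headers)) res.status = 403;
  return res;
}

// Constructed request, modelled on the capture quoted in the comment above.
const childRequest = {
  host: "adult-site.example",
  prefer: "safe",
  "cache-control": "max-age=0",
};

console.log(decide(childRequest, true).status); // 403
// Without the header the same page is served unchanged.
console.log(decide({ host: "adult-site.example" }, true).status); // 200
```

A site that never inspects `Prefer` behaves like the second call for every visitor, which matches the behaviour reported here even though the browser sends the header.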
Kamil, I went through all the HTTP Headers for all the given requests (used the Network monitor developer tool) and Prefer: "safe" is used for all of them.
Flags: needinfo?(simona.marcu)
No longer blocks: 1239166
Blocks: 259463
No longer blocks: 259463
Depends on: 1259463
Blocks: 1259463
No longer depends on: 1259463
Maybe those particular websites are not on Microsoft's Family Safety blocklist? I'm not sure how MS determines which websites are safe and which ones are not. Either way, I don't think this will get fixed/looked at any time soon as it affects all the vendors. I'm assuming if MS ever does add those sites to a blocklist, it will most likely trickle down to Chrome/FX through the Family Safety mechanism.
This seems to be a parental controls/Prefer: safe issue, so PSM isn't the appropriate component.
Component: Security: PSM → General
I'm the developer of Video DownloadHelper.
This add-on has its own safe mode which prevents any link to adult material from showing up on the supported sites list, now hosted on the downloadhelper.net site.
If there is any way to know the user has already expressed in Firefox a desire for not seeing any adult content, I would gladly connect this into Video DownloadHelper.
Any pointer to give me guidance?
I see what is to be done in VDH code to take care of that and it's not a big deal, but I haven't been able to set up a configuration in Windows 10 where Cc["@mozilla.org/parental-controls-service;1"].createInstance(Ci.nsIParentalControlsService).parentalControlsEnabled would return true.
Created a child account, requested to block inappropriate content for that account: still returning false.
Any clue would be welcome.
Severity: normal → S3