Closed
Bug 1296004
Opened 8 years ago
Closed 8 years ago
Disable bug 1186948 (via pref)
Categories
(Core Graveyard :: Plug-ins, defect, P1)
Core Graveyard
Plug-ins
Tracking
(firefox49 unaffected, firefox50blocking fixed, firefox51blocking fixed)
RESOLVED
FIXED
mozilla51
Tracking | Status | |
---|---|---|
firefox49 | --- | unaffected |
firefox50 | blocking | fixed |
firefox51 | blocking | fixed |
People
(Reporter: benjamin, Assigned: benjamin)
References
Details
Attachments
(1 file)
58 bytes,
text/x-review-board-request
|
mconley
:
review+
ritu
:
approval-mozilla-aurora+
|
Details |
Bug 1186948 is not ready to ship: we're seeing both false-negatives, bug 1294341, as well as false positives, bug 1295984, and I believe the risk of shipping this is high because it could make it difficult for us to release vulnerable plugin blocks. We're going to keep evaluating and experimenting, but turn this off by default for now.
Assignee | ||
Updated•8 years ago
|
status-firefox49:
--- → unaffected
status-firefox50:
--- → affected
status-firefox51:
--- → affected
tracking-firefox50:
--- → blocking
tracking-firefox51:
--- → blocking
Priority: -- → P1
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → benjamin
Comment hidden (mozreview-request) |
Comment 2•8 years ago
|
||
mozreview-review |
Comment on attachment 8782107 [details] Bug 1296004 - Disable bug 1186948 via a new pref, https://reviewboard.mozilla.org/r/72360/#review69958
Attachment #8782107 -
Flags: review?(mconley) → review+
Pushed by bsmedberg@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ee6036f333ed Disable bug 1186948 via a new pref, r=mconley
Comment 4•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ee6036f333ed
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Comment 5•8 years ago
|
||
I believe we want to uplift this, no? Bug 1186948 landed in 50 and rode the trains up.
Flags: needinfo?(benjamin)
Comment 6•8 years ago
|
||
Bug 1186948 also causes the Plugin Check page to fail detecting Flash when set to click-to-play. I assume this is expected but shouldn’t it be considered a security risk?
Target Milestone: mozilla51 → ---
Assignee | ||
Comment 8•8 years ago
|
||
Comment on attachment 8782107 [details] Bug 1296004 - Disable bug 1186948 via a new pref, Approval Request Comment [Feature/regressing bug #]: bug 1186948 [User impact if declined]: Inability to confidently deploy plugin blocklist; potentially worse experience for users who have Flash marked ask-to-activate. [Describe test coverage new/current, TreeHerder]: Landed to m-c, manual testing that we have properly reverted to the old behavior [Risks and why]: Reversion to previous behavior by adding a pref, not reverting the code altogether. Fairly low risk, but not as low as a straight-up backout. [String/UUID change made/needed]: None
Flags: needinfo?(benjamin)
Attachment #8782107 -
Flags: approval-mozilla-aurora?
Comment on attachment 8782107 [details] Bug 1296004 - Disable bug 1186948 via a new pref, Makes sense, Aurora50+
Attachment #8782107 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Hello Wes, just fyi, this was approved 2 days back and hasn't bee uplift to Aurora yet. Thanks!
Flags: needinfo?(wkocher)
Updated•8 years ago
|
Flags: needinfo?(wkocher)
Comment 11•8 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-aurora/rev/d6be383e84be
Comment 12•8 years ago
|
||
Quick note from docs team: this wasn’t marked dev-doc-needed but I found it anyway, which is good. :) Please remember to add dev-doc-needed to the bug that enables this by default. Thanks!
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•