Disable bug 1186948 (via pref)

RESOLVED FIXED in Firefox 50

Status

()

Core
Plug-ins
P1
normal
RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: Benjamin Smedberg, Assigned: Benjamin Smedberg)

Tracking

unspecified
mozilla51
Points:
---

Firefox Tracking Flags

(firefox49 unaffected, firefox50blocking fixed, firefox51blocking fixed)

Details

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
Bug 1186948 is not ready to ship: we're seeing both false-negatives, bug 1294341, as well as false positives, bug 1295984, and I believe the risk of shipping this is high because it could make it difficult for us to release vulnerable plugin blocks.

We're going to keep evaluating and experimenting, but turn this off by default for now.
(Assignee)

Updated

2 years ago
status-firefox49: --- → unaffected
status-firefox50: --- → affected
status-firefox51: --- → affected
tracking-firefox50: --- → blocking
tracking-firefox51: --- → blocking
Priority: -- → P1
(Assignee)

Updated

2 years ago
Assignee: nobody → benjamin
Comment hidden (mozreview-request)

Comment 4

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/ee6036f333ed
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox51: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
I believe we want to uplift this, no? Bug 1186948 landed in 50 and rode the trains up.
Flags: needinfo?(benjamin)

Comment 6

2 years ago
Bug 1186948 also causes the Plugin Check page to fail detecting Flash when set to click-to-play. I assume this is expected but shouldn’t it be considered a security risk?
status-firefox51: fixed → affected
Target Milestone: mozilla51 → ---

Comment 7

2 years ago
Oops sorry (cached page).
status-firefox51: affected → fixed
Target Milestone: --- → mozilla51
(Assignee)

Comment 8

2 years ago
Comment on attachment 8782107 [details]
Bug 1296004 - Disable bug 1186948 via a new pref,

Approval Request Comment
[Feature/regressing bug #]: bug 1186948
[User impact if declined]: Inability to confidently deploy plugin blocklist; potentially worse experience for users who have Flash marked ask-to-activate.
[Describe test coverage new/current, TreeHerder]: Landed to m-c, manual testing that we have properly reverted to the old behavior
[Risks and why]: Reversion to previous behavior by adding a pref, not reverting the code altogether. Fairly low risk, but not as low as a straight-up backout.
[String/UUID change made/needed]: None
Flags: needinfo?(benjamin)
Attachment #8782107 - Flags: approval-mozilla-aurora?

Comment 9

2 years ago
Comment on attachment 8782107 [details]
Bug 1296004 - Disable bug 1186948 via a new pref,

Makes sense, Aurora50+
Attachment #8782107 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Hello Wes, just fyi, this was approved 2 days back and hasn't bee uplift to Aurora yet. Thanks!
Flags: needinfo?(wkocher)
Flags: needinfo?(wkocher)

Comment 11

2 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/d6be383e84be
status-firefox50: affected → fixed
Quick note from docs team: this wasn’t marked dev-doc-needed but I found it anyway, which is good. :)

Please remember to add dev-doc-needed to the bug that enables this by default. Thanks!
See Also: → bug 1323064
You need to log in before you can comment on or make changes to this bug.