Closed Bug 421993 Opened 16 years ago Closed 16 years ago

Yahoo Application State Plugin Blocklisting

Categories

(Toolkit :: Blocklist Policy Requests, defect, P2)

x86
Windows XP
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: cbook, Unassigned)

References

Details

(Whiteboard: [see bug 419127][server side])

Attachments

(1 file)

Per Bug 419127 the Yahoo Application State Plugin is causing currently crashes on Yahoo Sites on Trunk. To prevent Users from Crashes with this Plugin (is also shipped with the Yahoo Messenger), we might need to blocklist this Plugin. 

I think a problem could be, that i don't see a version number in about:plugins. This might be a problem when this Plugin Problem is fixed. Any thoughts ?
According to my System with the latest Yahoo Messenger installed, the Plugin has version 1.0.0.5
Flags: blocking1.9?
Adding kev to this bug, he may have some ideas about who to contact at Yahoo.
(In reply to comment #2)
> Adding kev to this bug, he may have some ideas about who to contact at Yahoo.
> 

Note, see Bug 419127, yahoo is already informed about this, this bug is about bocklist the "old" plugin that cause this crash.
Depends on: 391633
Pav, what's the plan here, are we going to attempt to fix this, or do we need to blocklist plugins that don't play nice?
we should push as hard as we can to get vendors to fix their plugins.  I'm not actively working on a workaround for them.  If these things are still an issue in the next release I'll take another look at a workaround.
Once all the Fx3 bugs regarding plugin blocklisting are complete (bug 391731) - we'll want to update the production blocklist with this plugin.
Depends on: 391731
What is the latest word from Yahoo on this? Has anyone heard anything lately?
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
I'll ping the product manager for an update.
Who owns this bug?   
Damon: This is effectively a tracking bug, trying to get Yahoo to fix their plugin.  Should that fail, we'll have to do some kind of workaround (in another bug).  I'll probably have to do some of that work.
Moving it to the new Blocklisting component for addons.mozilla.org
Component: Plug-ins → Blocklisting
Flags: blocking1.9+
Product: Core → addons.mozilla.org
QA Contact: plugins → blocklisting
Version: Trunk → unspecified
Stuart/Damon - looks like bug 419127 is the tracking bug, we'll use this to track the blocklisting portion.

Could you guys update this if/when you decide blocklisting is going to happen?
Restoring lost blocking flag
Flags: blocking-firefox3?
Per comment 3, it looks like no matter what we'll want to blocklist the bad version of the plugin to make sure that people update to the good (non-crashy!) version.
Flags: blocking-firefox3? → blocking-firefox3+
Whiteboard: [see bug 419127]
Mike -- okay, going to bump this up and work on testing the live service with Tony.  Submitted what I think is my final patch for bug 391633, so after we test it we'll launch.
morgamic: could you figure out what name description and filename would be?
[3:24pm] tchung: morgamic, if you wanna comment in the bug,  the  staging url you want me to test with, i can tackle this over the weekend also
[3:24pm] morgamic: yea, i'll set this up before weekend
[3:24pm] tchung: ah, just a sec.  i'll have to dig it up..
[3:25pm] Tomcat: npYState.dll
[3:25pm] Tomcat: Yahoo Application State Plugin
[3:25pm] tchung: thanks tomcat!
[3:25pm] tchung: morgamic ^^
[3:27pm] Tomcat: description is: npYState
morgamic: for now i'll set version as 3.0pre
[4:23pm] tchung: so nightlies only?
[4:23pm] morgamic: yea, for now until i figure out how to do it for ranges
[4:24pm] morgamic: it's a 1-hour fix but i have to leave in 5 min
[4:26pm] morgamic: tchung: http://morgamic.khan.mozilla.org/amo-reskin/site/services/blocklist.php?reqVersion=1&appGuid={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=3.0pre
[4:26pm] morgamic: need VPN, and host entry for the subdomain: 10.2.74.111 morgamic.khan.mozilla.org
Mike, this test has failed.   The yahoo application state plugin is failing to get blocklisted using the url you gave me.

Tested against the nightly: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008040404 Minefield/3.0pre

Steps to repro:
1) download Y! messenger on XP and install it.
2) install nightly build on XP
2a) openVPN over to MPT-mozilla to access khan.mozilla.org
3) goto about:config and set extensions.blocklist.url = http://morgamic.khan.mozilla.org/amo-reskin/site/services/blocklist.php?reqVersion=1&appGuid={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=3.0pre
4) Restart firefox
5) Check about:plugins or Addons Manager > Plugins tab, and verify "Yahoo Application State Plugin" is still enabled
6) For additional verification, go to http://sports.yahoo.com, click any link, and verify crash.

Stack trace: http://crash-stats.mozilla.com/report/index/bbab51a3-0267-11dd-9e5b-0013211cbf8a
hmm, i just realized i used extensions.blocklist.url so this testcase may not work.   Is there a plugins.blocklist.url type of setting?  If not, what is the correct configuration i need to set the url to?  Mossop?
Can you actually load the xml file?
oh i need to try setting extensions.blocklist.interval to 30 and app.update.timer to 60 to accelerate the download of the blocklist.  I'll retest and report back.
Tony, I wrote this with stephend last year:
http://wiki.mozilla.org/Extension_Blocklisting:Testing

See if that helps, and we should update that if possible.
No luck.  i made the value changes from my last comment, but its still not seeing the plugin being blocklisted.

Yes, i can see the XML file, tunneling through MPT.

Screenshot attached.  (Yahoo Application State Plugin shows "enabled")
Ok, so either one of the match elements is wrong or the local blocklist.xml file is not being updated.  Did you check to see if the local blocklist.xml was ever touched/updated?
The description for the plugin is incorrect. it should be "Yahoo Application State Plugin"
yes, the local blocklist.xml timestamp was updated.   Let me know when you change the description name per dave's comment, and i'll retry the test.  Thanks
Done... verify that this is what we need.  I made description 'npYState' based on what was asked in IRC (comment #16).

<match name="name" exp="Yahoo Application State Plugin"/>
<match name="description" exp="Yahoo Application State Plugin"/>
<match name="filename" exp="npYState.dll"/>
What's about:plugins say?
I took that description from about:plugins, but you have to know how to read it as there is a confusing "Description" column which isn't the plugin description.

In general, the title-like bit is the name, directly below that is the obvious file name. The line below that, before the table, is the description.
The change is now working correctly.  I can see the yahoo application state plugin being disabled on plugins manager, and the line item is removed from about:plugins.  The crash on sports.yahoo.com is not there anymore.

The last step is to turn it on in production and add the bullet point to http://en-us.www.mozilla.com/en-US/blocklist/.   I'll verify when its live. 

Depends on: 419127
Target Milestone: --- → 3.4
Hey guys, we're planning on deploying the change from bug 391633 this Tuesday during an outage window.  During that time we'll be able to also add the entry for this bug and close it out.
Whiteboard: [see bug 419127] → [see bug 419127][server side]
FYI - still on track for tonight...
Can someone please describe to me what the user experience is going to be here?
Requesting additional information from Y!
I've spoken with tony and kev, and am OK with this happening for Firefox 3, so a=beltzner for blocklisting this. Not sure if that's always going to be needed or if I'm just being a prima-donna about that. We should probably cue up a discussion about this, but hopefully blocking plugins will be as rare as blocking add-ons has been.
I'm pretty bummed though that we haven't heard anything from yahoo regarding this apparently.

At the very least it's good if us blocking them doesn't cause hurt feelings.

Even better is if the right info reach the right people over there to fix this on their end.
(In reply to comment #36)
> I'm pretty bummed though that we haven't heard anything from yahoo regarding
> this apparently.
> 
> At the very least it's good if us blocking them doesn't cause hurt feelings.
> 
> Even better is if the right info reach the right people over there to fix this
> on their end.

There have been emails going around between various people. I think Yahoo have all the info they need to both fix the crashing and make the new version not be blocklisted. Last email I saw was around 5 days ago.
Y! has fixed this, and the fix will be released on May 12.
Blocklisted for Firefox 3.0a1 and newer.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
verified fixed using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9pre) Gecko/2008041606 Minefield/3.0pre ID:2008041606
Plugin is bocklisted !
Status: RESOLVED → VERIFIED
Depends on: 447605
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: