Last Comment Bug 421993 - Yahoo Application State Plugin Blocklisting
: Yahoo Application State Plugin Blocklisting
[see bug 419127][server side]
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: x86 Windows XP
: P2 normal (vote)
: 3.4
Assigned To: Nobody; OK to take it and work on it
: Jorge Villalobos [:jorgev]
Depends on: 391633 391731 419127 447605
  Show dependency treegraph
Reported: 2008-03-10 17:54 PDT by Carsten Book [:Tomcat]
Modified: 2016-03-07 15:30 PST (History)
24 users (show)
mbeltzner: blocking‑firefox3+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

yahoo state plugin screenshot (244.73 KB, image/png)
2008-04-04 21:38 PDT, Tony Chung [:tchung]
no flags Details

Description Carsten Book [:Tomcat] 2008-03-10 17:54:46 PDT
Per Bug 419127 the Yahoo Application State Plugin is causing currently crashes on Yahoo Sites on Trunk. To prevent Users from Crashes with this Plugin (is also shipped with the Yahoo Messenger), we might need to blocklist this Plugin. 

I think a problem could be, that i don't see a version number in about:plugins. This might be a problem when this Plugin Problem is fixed. Any thoughts ?
Comment 1 Carsten Book [:Tomcat] 2008-03-10 18:01:51 PDT
According to my System with the latest Yahoo Messenger installed, the Plugin has version
Comment 2 Marcia Knous [:marcia - use ni] 2008-03-11 14:58:06 PDT
Adding kev to this bug, he may have some ideas about who to contact at Yahoo.
Comment 3 Carsten Book [:Tomcat] 2008-03-11 15:07:07 PDT
(In reply to comment #2)
> Adding kev to this bug, he may have some ideas about who to contact at Yahoo.

Note, see Bug 419127, yahoo is already informed about this, this bug is about bocklist the "old" plugin that cause this crash.
Comment 4 Johnny Stenback (:jst, 2008-03-12 16:37:20 PDT
Pav, what's the plan here, are we going to attempt to fix this, or do we need to blocklist plugins that don't play nice?
Comment 5 Stuart Parmenter 2008-03-12 17:32:22 PDT
we should push as hard as we can to get vendors to fix their plugins.  I'm not actively working on a workaround for them.  If these things are still an issue in the next release I'll take another look at a workaround.
Comment 6 Basil Hashem [:baz] 2008-03-17 14:14:00 PDT
Once all the Fx3 bugs regarding plugin blocklisting are complete (bug 391731) - we'll want to update the production blocklist with this plugin.
Comment 7 Jonas Sicking (:sicking) No longer reading bugmail consistently 2008-03-17 15:27:14 PDT
What is the latest word from Yahoo on this? Has anyone heard anything lately?
Comment 8 Kev Needham [:kev] 2008-03-17 15:34:35 PDT
I'll ping the product manager for an update.
Comment 9 Damon Sicore (:damons) 2008-03-17 15:52:32 PDT
Who owns this bug?   
Comment 10 Stuart Parmenter 2008-03-17 15:55:26 PDT
Damon: This is effectively a tracking bug, trying to get Yahoo to fix their plugin.  Should that fail, we'll have to do some kind of workaround (in another bug).  I'll probably have to do some of that work.
Comment 11 Basil Hashem [:baz] 2008-03-17 17:06:49 PDT
Moving it to the new Blocklisting component for
Comment 12 Michael Morgan [:morgamic] 2008-03-17 17:08:08 PDT
Stuart/Damon - looks like bug 419127 is the tracking bug, we'll use this to track the blocklisting portion.

Could you guys update this if/when you decide blocklisting is going to happen?
Comment 13 Carsten Book [:Tomcat] 2008-04-03 13:46:03 PDT
Restoring lost blocking flag
Comment 14 Mike Beltzner [:beltzner, not reading bugmail] 2008-04-03 13:49:53 PDT
Per comment 3, it looks like no matter what we'll want to blocklist the bad version of the plugin to make sure that people update to the good (non-crashy!) version.
Comment 15 Michael Morgan [:morgamic] 2008-04-04 05:22:35 PDT
Mike -- okay, going to bump this up and work on testing the live service with Tony.  Submitted what I think is my final patch for bug 391633, so after we test it we'll launch.
Comment 16 Tony Chung [:tchung] 2008-04-04 15:37:25 PDT
morgamic: could you figure out what name description and filename would be?
[3:24pm] tchung: morgamic, if you wanna comment in the bug,  the  staging url you want me to test with, i can tackle this over the weekend also
[3:24pm] morgamic: yea, i'll set this up before weekend
[3:24pm] tchung: ah, just a sec.  i'll have to dig it up..
[3:25pm] Tomcat: npYState.dll
[3:25pm] Tomcat: Yahoo Application State Plugin
[3:25pm] tchung: thanks tomcat!
[3:25pm] tchung: morgamic ^^
[3:27pm] Tomcat: description is: npYState
Comment 17 Tony Chung [:tchung] 2008-04-04 16:38:03 PDT
morgamic: for now i'll set version as 3.0pre
[4:23pm] tchung: so nightlies only?
[4:23pm] morgamic: yea, for now until i figure out how to do it for ranges
[4:24pm] morgamic: it's a 1-hour fix but i have to leave in 5 min
[4:26pm] morgamic: tchung:{ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=3.0pre
[4:26pm] morgamic: need VPN, and host entry for the subdomain:
Comment 18 Tony Chung [:tchung] 2008-04-04 18:38:33 PDT
Mike, this test has failed.   The yahoo application state plugin is failing to get blocklisted using the url you gave me.

Tested against the nightly: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008040404 Minefield/3.0pre

Steps to repro:
1) download Y! messenger on XP and install it.
2) install nightly build on XP
2a) openVPN over to MPT-mozilla to access
3) goto about:config and set extensions.blocklist.url ={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=3.0pre
4) Restart firefox
5) Check about:plugins or Addons Manager > Plugins tab, and verify "Yahoo Application State Plugin" is still enabled
6) For additional verification, go to, click any link, and verify crash.

Stack trace:
Comment 19 Tony Chung [:tchung] 2008-04-04 19:09:30 PDT
hmm, i just realized i used extensions.blocklist.url so this testcase may not work.   Is there a plugins.blocklist.url type of setting?  If not, what is the correct configuration i need to set the url to?  Mossop?
Comment 20 Michael Morgan [:morgamic] 2008-04-04 19:24:47 PDT
Can you actually load the xml file?
Comment 21 Tony Chung [:tchung] 2008-04-04 19:25:30 PDT
oh i need to try setting extensions.blocklist.interval to 30 and app.update.timer to 60 to accelerate the download of the blocklist.  I'll retest and report back.
Comment 22 Michael Morgan [:morgamic] 2008-04-04 19:27:31 PDT
Tony, I wrote this with stephend last year:

See if that helps, and we should update that if possible.
Comment 23 Tony Chung [:tchung] 2008-04-04 21:38:08 PDT
Created attachment 313764 [details]
yahoo state plugin screenshot

No luck.  i made the value changes from my last comment, but its still not seeing the plugin being blocklisted.

Yes, i can see the XML file, tunneling through MPT.

Screenshot attached.  (Yahoo Application State Plugin shows "enabled")
Comment 24 Michael Morgan [:morgamic] 2008-04-05 01:03:54 PDT
Ok, so either one of the match elements is wrong or the local blocklist.xml file is not being updated.  Did you check to see if the local blocklist.xml was ever touched/updated?
Comment 25 Dave Townsend [:mossop] 2008-04-05 03:59:57 PDT
The description for the plugin is incorrect. it should be "Yahoo Application State Plugin"
Comment 26 Tony Chung [:tchung] 2008-04-05 23:53:04 PDT
yes, the local blocklist.xml timestamp was updated.   Let me know when you change the description name per dave's comment, and i'll retry the test.  Thanks
Comment 27 Michael Morgan [:morgamic] 2008-04-06 02:23:37 PDT
Done... verify that this is what we need.  I made description 'npYState' based on what was asked in IRC (comment #16).

<match name="name" exp="Yahoo Application State Plugin"/>
<match name="description" exp="Yahoo Application State Plugin"/>
<match name="filename" exp="npYState.dll"/>
Comment 28 Michael Morgan [:morgamic] 2008-04-06 02:26:22 PDT
What's about:plugins say?
Comment 29 Dave Townsend [:mossop] 2008-04-06 04:08:51 PDT
I took that description from about:plugins, but you have to know how to read it as there is a confusing "Description" column which isn't the plugin description.

In general, the title-like bit is the name, directly below that is the obvious file name. The line below that, before the table, is the description.
Comment 30 Tony Chung [:tchung] 2008-04-06 20:51:46 PDT
The change is now working correctly.  I can see the yahoo application state plugin being disabled on plugins manager, and the line item is removed from about:plugins.  The crash on is not there anymore.

The last step is to turn it on in production and add the bullet point to   I'll verify when its live. 

Comment 31 Michael Morgan [:morgamic] 2008-04-11 11:33:46 PDT
Hey guys, we're planning on deploying the change from bug 391633 this Tuesday during an outage window.  During that time we'll be able to also add the entry for this bug and close it out.
Comment 32 Michael Morgan [:morgamic] 2008-04-15 11:06:34 PDT
FYI - still on track for tonight...
Comment 33 Mike Beltzner [:beltzner, not reading bugmail] 2008-04-16 13:40:51 PDT
Can someone please describe to me what the user experience is going to be here?
Comment 34 Kev Needham [:kev] 2008-04-16 13:45:48 PDT
Requesting additional information from Y!
Comment 35 Mike Beltzner [:beltzner, not reading bugmail] 2008-04-16 15:42:02 PDT
I've spoken with tony and kev, and am OK with this happening for Firefox 3, so a=beltzner for blocklisting this. Not sure if that's always going to be needed or if I'm just being a prima-donna about that. We should probably cue up a discussion about this, but hopefully blocking plugins will be as rare as blocking add-ons has been.
Comment 36 Jonas Sicking (:sicking) No longer reading bugmail consistently 2008-04-16 15:46:59 PDT
I'm pretty bummed though that we haven't heard anything from yahoo regarding this apparently.

At the very least it's good if us blocking them doesn't cause hurt feelings.

Even better is if the right info reach the right people over there to fix this on their end.
Comment 37 Dave Townsend [:mossop] 2008-04-16 15:54:04 PDT
(In reply to comment #36)
> I'm pretty bummed though that we haven't heard anything from yahoo regarding
> this apparently.
> At the very least it's good if us blocking them doesn't cause hurt feelings.
> Even better is if the right info reach the right people over there to fix this
> on their end.

There have been emails going around between various people. I think Yahoo have all the info they need to both fix the crashing and make the new version not be blocklisted. Last email I saw was around 5 days ago.
Comment 38 Kev Needham [:kev] 2008-04-16 16:09:15 PDT
Y! has fixed this, and the fix will be released on May 12.
Comment 39 Jonas Sicking (:sicking) No longer reading bugmail consistently 2008-04-16 17:00:54 PDT
Yay! Excellent, thanks guys!
Comment 40 Michael Morgan [:morgamic] 2008-04-16 18:09:57 PDT
Blocklisted for Firefox 3.0a1 and newer.
Comment 41 Carsten Book [:Tomcat] 2008-04-16 18:11:17 PDT
verified fixed using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9pre) Gecko/2008041606 Minefield/3.0pre ID:2008041606
Plugin is bocklisted !

Note You need to log in before you can comment on or make changes to this bug.