Closed Bug 428747 Opened 13 years ago Closed 13 years ago

overlay image over blocked swf not displayed when "Block Flash animations" is checked

Categories

(Camino Graveyard :: Annoyance Blocking, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED
Camino2.0

People

(Reporter: phiw2, Unassigned)

References

Details

(Keywords: regression)

This is a fallout of bug 292789. It affects Minefield as well.
Errors in Console:
Security Error: Content at http://www.youtube.com/watch?v=duOTEGOdVkE may not load or link to chrome://flashblock/content/flash.png.
Security Error: Content at http://www.youtube.com/watch?v=duOTEGOdVkE may not load or link to chrome://flashblock/content/flash.png.
Security Error: Content at http://www.youtube.com/watch?v=duOTEGOdVkE may not load or link to chrome://flashblock/content/flashplay.png.

My understanding of bug 292789 is that Flashblock will need to be upgraded.

FlashBlock bug:
https://www.mozdev.org/bugs/show_bug.cgi?id=18965
Ew.  We didn't get a complete fix for bug 292789, so we might be stuck :( 

http://tinyurl.com/4dbqes
Depends on: 292789
CC Benjamin
Blocks: 292789
No longer depends on: 292789
Severity: normal → major
Keywords: regression
Yeah, the non-toolkit chrome registry would need to implement this somehow...

One option is to just allow it for everything. That might be acceptable to Camino, perhaps.
Yeah, the current hack in rdf/chrome is "deny for all packages". Changing it to "allow for all packages" would be simple, if that's the right thing to do. Otherwise Camino will need to actually implement registration logic to implement this flag.
Camino is gtkmozembed right? So the potential attack surface would be very limited.
Given that Camino is presumably the only xpfe-rdf/chrome consumer left, and that bug 292789 wasn't deemed particularly important (security-wise), changing the behavior to "allow" seems (to me) to be a reasonable solution, and one that will likely be easier than implementing the allow/deny switch and chasing down which jar.mn files need to be fixed to get the proper allow flag for the relevant packages.

OTOH, if bug 292789 is truly wanted-1.8.1.x, rdf/chrome will have to be fixed anyway for SeaMonkey as well; the branch and trunk fixes would hopefully be pretty similar?

(We also are now in the unfortunate situation of having two bugs on this general issue: this one where the substantive discussion over the appropriate solution is taking place, and the much messier bug 428781 where the nominations are happening.  Even more fun, if the solution for rdf/chrome is "implement the full fix", this would have been the appropriate bug for fixing Camino's built-in Flashblock to allow access from web content....)
Blocks: 428781
Severity: major → normal
Summary: flashblock: overlay image over blocked movie not displayed → overlay image over blocked swf not displayed when "Block Flash animations" is checked
We (Camino) would be happy with "allow for all"; the information that can be leaked doesn't really apply to us.
Fixed by checkin in bug 428747.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → Camino2.0
(In reply to comment #8)
> Fixed by checkin in bug 428747.

Bug 428747 (is this bug) -> bug 428781 ;->
No longer blocks: 428781
Depends on: 428781
verified with
Version 2.0a1pre (1.9pre 2008041717)
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.