security review for plugin enabling in thunderbird

RESOLVED DUPLICATE of bug 491494

Status

Thunderbird
Security
P1
normal
RESOLVED DUPLICATE of bug 491494
10 years ago
9 years ago

People

(Reporter: dmose, Assigned: dmose)

Tracking

unspecified
Thunderbird 3.0b4
Bug Flags:
blocking-thunderbird3 +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [needs plan][no l10n impact])

(Assignee)

Description

10 years ago
Thunderbird trunk is reported to have re-enabled plugins. This is great from a user experience standpoint, but a little scary from a security standpoint. Before we ship Thunderbird 3, we should try to get some Smart Security People in a room and think about what sort of exposure this introduces, whether it's truly The Right Thing, and whether there are any extra precautions we should be taking.
Flags: blocking-thunderbird3+

Comment 1

10 years ago
I'd like to add a little history here:
Plugin capability was never removed from trunk (although the pref was hidden).
This was not an oversight, and I like to think that I had something to do with that decision.
I can't find the original bug now, but the logic for removal of plugins in TB was that for Linux builds the plugin pref was being ignored.
So now, for the last 4 years, with the plugin XPIs being there all this time, I see no such bug reports, or complaints from Linux users.
I think that fact speaks much to the credibility of the decision to remove plugins from branch and release builds.
Now, with core support for the <video> tag being in the 1.9.1 branch (and even without a pref to disable it, AFAIK), the discussion of plugins becomes moot to a certain extent.

"Smart Security People" are, in the end, "Security People".
Users of TB want security, but not at the expense of capability.

Bullet-proof the prefs, and let the user decide.

Sorry for spamming this bug, but I see no other forum to discuss these issues.
There are two things that I've seen recently that are relevant here:

Firstly, Thunderbird does access plugins and determines what is on the disk; there is no way in core to turn that off.

Secondly, (at least on Mac) the plugin pref is respected. I found this when I was playing around with some of the Acid2 tests (you won't be able to try this on current trunk, as it needs an additional patch to get that far).
(Assignee)

Updated

10 years ago
Assignee: nobody → dmose
Target Milestone: --- → Thunderbird 3.0b3
(Assignee)

Updated

9 years ago
Whiteboard: [dmose to draft plan week of 2009-04-13]
(Assignee)

Updated

9 years ago
Whiteboard: [dmose to draft plan week of 2009-04-13] → [dmose to draft plan]
(Assignee)

Updated

9 years ago
Priority: -- → P1
(Assignee)

Updated

9 years ago
Status: NEW → UNCONFIRMED
Whiteboard: [dmose to draft plan] → [needs plan]
(Assignee)

Updated

9 years ago
Status: UNCONFIRMED → ASSIGNED
(Assignee)

Updated

9 years ago
Target Milestone: Thunderbird 3.0b3 → Thunderbird 3.0b4

Updated

9 years ago
Whiteboard: [needs plan] → [needs plan][no l10n impact]
(Assignee)

Comment 3

9 years ago
This is happening as part of the bug 491494; marking as DUP.
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 491494