Closed
Bug 822177
Opened 12 years ago
Closed 9 years ago
Clear History shouldn't execute plugins that are completely disabled
Categories
(Core Graveyard :: Plug-ins, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla38
People
(Reporter: trialuser7, Assigned: l0p3s222, Mentored)
References
Details
(Whiteboard: [lang=JS])
Attachments
(1 file)
956 bytes,
patch
|
benjamin
:
review+
|
Details | Diff | Splinter Review |
disabled flash in add-ons manager, confirmed ff 17.0.1 was killed and no child procs running, restarted ff, confirmed flash disabled and not running, ctrl+shift+del and cleared ("Clear All History"), FlashPlayerPlugin_11_5_502_110.exe (2 of them) launched from ff plugin container solution: we can clear our history without letting flash know. other: didn't check where our data is cleared and flash is awakened. it may be possible that: (@sec) he is able to run away with our data if called before clear is finished he is able to run away with saved flash data when called this way
Comment 1•12 years ago
|
||
Flash is launched to delete the flash "supercookies" that are stored inside the flash plugin.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Comment 2•12 years ago
|
||
Wait... we probably shouldn't be doing anything to the Flash plugin if the user has disabled it. Is that the actual bug report here?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Updated•12 years ago
|
Flags: needinfo?(trialuser7)
Comment 3•12 years ago
|
||
Yes. (The reporter and I discussed this on IRC.)
Flags: needinfo?(trialuser7)
Summary: clear-history-plugin bug → Clear History shouldn't execute plugins that are completely disabled
Updated•12 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Updated•10 years ago
|
Whiteboard: [mentor=benjamin@smedbergs.us][lang=JS]
Updated•10 years ago
|
Flags: firefox-backlog+
Updated•10 years ago
|
Mentor: benjamin
Whiteboard: [mentor=benjamin@smedbergs.us][lang=JS] → [lang=JS]
Assignee | ||
Comment 5•10 years ago
|
||
First attempt at patch. Prevent disabled addons from being loaded when trying to clear site data.
Attachment #8541356 -
Flags: review?(benjamin)
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → l0p3s222
Comment 6•10 years ago
|
||
I'm on vacation currently: I should be able to provide feedback on Monday 5-Jan.
Comment 7•9 years ago
|
||
Comment on attachment 8541356 [details] [diff] [review] bug-822177.patch Or a week later! Sorry about that. I think this is ok. I was worried that JS callers would fail in unexpected ways, but both sanitize.js and ForgetAboutSite.jsm have try/catch handlers that cover this case.
Attachment #8541356 -
Flags: review?(benjamin) → review+
Comment 8•9 years ago
|
||
Do you need any help doing a try run on this or getting it landed?
Flags: needinfo?(l0p3s222)
Assignee | ||
Comment 9•9 years ago
|
||
I don't have try access so I would appreciate if you would push this for me. Thanks.
Flags: needinfo?(l0p3s222) → needinfo?(benjamin)
Comment 10•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=6652331e913b
Flags: needinfo?(benjamin)
Updated•9 years ago
|
Keywords: checkin-needed
Comment 11•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f29bb4c35c4d
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/f29bb4c35c4d
Status: NEW → RESOLVED
Closed: 12 years ago → 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Updated•9 years ago
|
Iteration: --- → 38.1 - 26 Jan
Flags: qe-verify?
Updated•9 years ago
|
QA Whiteboard: [good first verify]
Flags: qe-verify? → qe-verify-
Comment hidden (spam) |
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•