Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 828982 - Plugin block request: Foxit Reader Plugin and below due to critical vulnerability
: Plugin block request: Foxit Reader Plugin and below due to critical...
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: x86 Windows 7
: -- critical with 2 votes (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: juan becerra [:juanb]
: Jorge Villalobos [:jorgev]
Depends on:
  Show dependency treegraph
Reported: 2013-01-10 06:21 PST by [:philipp]
Modified: 2016-03-07 15:30 PST (History)
16 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

CTP Foxit Reader Plugin (86.74 KB, image/png)
2013-01-14 11:24 PST, juan becerra [:juanb]
no flags Details

Description [:philipp] 2013-01-10 06:21:36 PST
according to reports the foxit pdf browser plugin is affected by a highly critical vulnerability which can be exploited to inject malicious code:

please consider blocking it up to the latest plugin version in order to protect users...
Comment 1 Scoobidiver (away) 2013-01-14 07:36:07 PST
philipp, you should have used the link in

Version is the current version.

Plugin name: Foxit Reader Plugin
Plugin versions to block: and below
Applications, versions, and platforms affected: Windows
Block severity: (hard/soft)

How does this plugin appear in about:plugins?
    File: npFoxitReaderPlugin.dll
    Description: Foxit Reader Plug-In For Firefox and Netscape

Homepage and other references and contact info:

Comment 2 Jorge Villalobos [:jorgev] 2013-01-14 09:53:40 PST

It is currently staged as a CTP block, but I'm not sure if this is the right UX to provide in this case. I don't know if the PDF download will be triggered, or if the CTP UI will appear. If it doesn't, maybe we should go for a softblock.
Comment 3 Benjamin Smedberg [:bsmedberg] 2013-01-14 10:44:51 PST
The desired UI is the CTP block. I believe it should work, but QA should verify before we push this live.
Comment 4 juan becerra [:juanb] 2013-01-14 11:23:12 PST
I've tested this on staging. The block is CTP. When I try to open a PDF file I get the page showing the lego piece and the message saying the plugin has vulnerabilities. About:addons shows the plugin as enabled, but it shows the message that it is known to be vulnerable and to use with caution. If I click through it I can see the document.

We can move to production when you are ready.
Comment 5 juan becerra [:juanb] 2013-01-14 11:24:14 PST
Created attachment 701896 [details]
CTP Foxit Reader Plugin
Comment 6 Alex Keybl [:akeybl] 2013-01-14 11:41:29 PST
Let's give people on the mailing list an hour or two to respond with any last minute issues, and then move this to production.
Comment 7 Jorge Villalobos [:jorgev] 2013-01-14 13:07:49 PST
The block is now live:
Comment 8 juan becerra [:juanb] 2013-01-14 13:40:32 PST
This has been verified on production.

Note You need to log in before you can comment on or make changes to this bug.