Last Comment Bug 832038 - CTP Plugin block request: Flash 10.2.* and lower (for 1/29 push, FF18 and up)
: CTP Plugin block request: Flash 10.2.* and lower (for 1/29 push, FF18 and up)
Status: VERIFIED FIXED
[plugin] [start at comment 2]
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: juan becerra [:juanb]
:
Mentors:
Depends on:
Blocks: 704158
  Show dependency treegraph
 
Reported: 2013-01-17 14:57 PST by Alex Keybl [:akeybl]
Modified: 2016-03-07 15:30 PST (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Alex Keybl [:akeybl] 2013-01-17 14:57:26 PST
We should move forward with blocking all versions of Flash 10.3 less than 10.3.183.50 on 1/29 for FF18 and up.

According to https://wiki.mozilla.org/Blocklisting/PluginBlocks, that would mean taking https://addons.mozilla.org/firefox/blocked/p176 and changing the targeted Firefox and Flash versions.
Comment 1 Alex Keybl [:akeybl] 2013-01-17 15:03:35 PST
(In reply to Alex Keybl [:akeybl] from comment #0)
> We should move forward with blocking all versions of Flash 10.3 less than
> 10.3.183.50 on 1/29 for FF18 and up.
> 
> According to https://wiki.mozilla.org/Blocklisting/PluginBlocks, that would
> mean taking https://addons.mozilla.org/firefox/blocked/p176 and changing the
> targeted Firefox and Flash versions.

CTP blocking*
Comment 2 Alex Keybl [:akeybl] 2013-01-17 15:39:06 PST
Just looked back at our original notes - the plan is to start by blocking 10.2.* and lower. Re-summarizing. We may not be able to just change https://addons.mozilla.org/firefox/blocked/p176 given that.
Comment 3 Jorge Villalobos [:jorgev] 2013-01-18 13:55:37 PST
The new block is staged here:
https://addons-dev.allizom.org/en-US/firefox/blocked/p267

It is limited to 18.0a1 - 18.* because p176 already covers 19.0a1 - * and I want to avoid overlap.

I also added SeaMonkey 2.15a1 - * to try to keep the CTP blocks for both applications aligned. Frank, let me know if that's okay with you, and please test this block if that's the case.
Comment 4 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2013-01-18 14:50:09 PST
I've asked Paul Silaghi via email to do the testing for Firefox 18 while I am out the next week. He'll post his results here before Jan 28.
Comment 5 Paul Silaghi, QA [:pauly] 2013-01-21 08:00:59 PST
I managed to verify this only on Windows so far and everything looks OK.
Flash 10.1.85.3, 10.1.102.64, 10.2.152.26, 10.2.159.1 are CTP blocked on staging on
Firefox 18.0a1 (2012-10-01), 18.0a2 (2012-11-01), 18.0b6, 18.0, 18.0.1.
I'll continue on Mac tomorrow.
Comment 6 Paul Silaghi, QA [:pauly] 2013-01-22 07:47:18 PST
Flash 10.1.x and 10.2.x seem to be infobar blocked on Mac instead of CTP blocked.
Jorge?
Comment 7 Jorge Villalobos [:jorgev] 2013-01-22 09:37:42 PST
Yes, there's overlap with block p94 for Mac OS. See https://wiki.mozilla.org/Blocklisting/PluginBlocks

We would need to limit p94 to 0 - 17.* to avoid any overlap. Alex, what do you think?
Comment 8 Alex Keybl [:akeybl] 2013-01-22 10:10:36 PST
(In reply to Jorge Villalobos [:jorgev] from comment #7)
> Yes, there's overlap with block p94 for Mac OS. See
> https://wiki.mozilla.org/Blocklisting/PluginBlocks
> 
> We would need to limit p94 to 0 - 17.* to avoid any overlap. Alex, what do
> you think?

That sounds like a plan. CTP is a superset of infobar, so we can limit p94 to FF17 and below.
Comment 9 Jorge Villalobos [:jorgev] 2013-01-22 11:46:06 PST
(In reply to Paul Silaghi [QA] from comment #6)
> Flash 10.1.x and 10.2.x seem to be infobar blocked on Mac instead of CTP
> blocked.
> Jorge?

Paul, please test these cases again. The original block has been limited, so the CTP block should now apply correctly.
Comment 10 Paul Silaghi, QA [:pauly] 2013-01-23 02:20:35 PST
(In reply to Paul Silaghi [QA] from comment #5)
> I managed to verify this only on Windows so far and everything looks OK.
> Flash 10.1.85.3, 10.1.102.64, 10.2.152.26, 10.2.159.1 are CTP blocked on
> staging on
> Firefox 18.0a1 (2012-10-01), 18.0a2 (2012-11-01), 18.0b6, 18.0, 18.0.1.
> I'll continue on Mac tomorrow.
Now everything's OK on Mac too.
Comment 11 Jorge Villalobos [:jorgev] 2013-01-29 11:33:17 PST
The block is now live in production: https://addons.mozilla.org/en-US/firefox/blocked/p260

Please give it an hour or so before testing.
Comment 12 juan becerra [:juanb] 2013-01-29 13:47:51 PST
I've verified this in production. Flash versions 10.2x and below are blocked with CTP on Windows and Mac using Fx18.0.1.

I get an info bar on Mac with Fx versions less than or equal to 17.0.1, and I get an info bar on Windows with Firefox versions less than or equal to 16.0.2 according to:

https://wiki.mozilla.org/Blocklisting/PluginBlocks
Comment 13 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2013-01-31 14:02:22 PST
Marking verified fixed based on comment 12. Thanks Juan for your help.
Comment 14 Frank Wein [:mcsmurf] 2013-02-02 03:10:14 PST
Jorge: Thanks for the CTP block for SeaMonkey (was a bit busy with other things in the last days, so my reply is a bit late...). Look like you added the Flash block for SeaMonkey 2.14a1 and above (your comment said SeaMonkey 2.15a1 and above), but that's fine as at least SeaMonkey 2.14 final version supports CTP blocks. I wonder why the Flash has not been CTP blocked as well on Firefox 17? From what I know FF17 supports CTP blocks fine, no? Personally I think CTP is better than infobar. Of course with infobar the user does not need to take action to get the plugin working, with CTP the user has to. But after all it's for the user's security :).
Comment 15 Jorge Villalobos [:jorgev] 2013-02-04 08:46:26 PST
The versions covered by the ctp blocks are decided by the release drivers. I think we're just trying to be cautious about the impact and reduce noise that could be caused by problems in previous versions of Firefox.  I don't know if we'll continue just blocking "current and above", or setting 18 as a baseline for future blocks.
Comment 16 Jorge Villalobos [:jorgev] 2013-02-04 08:47:07 PST
I just realized that 17 is an ESR release, so that might be another factor.
Comment 17 Alex Keybl [:akeybl] 2013-02-04 09:47:18 PST
(In reply to Jorge Villalobos [:jorgev] from comment #16)
> I just realized that 17 is an ESR release, so that might be another factor.

Yep - we should let the latest CTP changes (17.0.2/17.0.3) go out before changing this to 17 and up.

Note You need to log in before you can comment on or make changes to this bug.