Closed
Bug 959145
Opened 11 years ago
Closed 11 years ago
Loading a site in sidebar bypasses CTP
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: sjw+bugzilla, Unassigned)
References
Details
(Whiteboard: [bugday-20140113])
STR:
1. Bookmark a site that uses plugins (e.g. Java). Make sure the plugin is set to CTP.
2. Edit the properties of the bookmark to load it in the sidebar
3. Open the bookmark
The site will execute the plugins without asking.
Blocks: click-to-play
Whiteboard: [bugday-20140113]
Comment 1•11 years ago
|
||
I cannot reproduce this. I created a bookmark for http://benjamin.smedbergs.us/tests/ctptests/java-solo.html and set it to load in the sidebar. Where the plugin is supposed to be is the grey CtP background. There is in fact no way to activate the plugin because we don't install a click listener on the CtP overlay.
Flags: needinfo?(sjw)
Testcase works fine for me.
The site I used to test it was https://www.mozilla.org/en-US/plugincheck/ with the Java SDK Plugin.
Flags: needinfo?(sjw)
Comment 3•11 years ago
|
||
How do you know that Java is running? I loaded plugincheck in the sidebar, and it says my Java is up to date, but I'm about 99% certain that it did not launch Java. It just uses navigator.plugins and navigator.mimeTypes to check the version numbers.
Flags: needinfo?(sjw)
When I run the test in the normal window, there is a warning that Java has security issues and if I would continue blocking or allow.
Flags: needinfo?(sjw)
Comment 5•11 years ago
|
||
We don't show that UI for the sidebar, but we also don't active the plugin.
Group: core-security
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•