Closed
Bug 974012
Opened 10 years ago
Closed 10 years ago
Make Unity Web Player click-to-play
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
VERIFIED
FIXED
2014-02-25
People
(Reporter: dveditz, Assigned: jorgev)
Details
Attachments
(1 file)
108.90 KB,
patch
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #967954 +++ We need to make the Unity Web Player (all versions) click to play to address bug 967954. The plugin developers are working on a fix and a future version may not need to be CtP. The very next update, however, will contain only a mitigation and not a complete fix so we probably want CtP for that one, too.
Assignee | ||
Comment 1•10 years ago
|
||
I need to know the plugin information for all platforms. On Mac OS, here's what I get for the latest version: File: Unity Web Player.plugin Path: /Library/Internet Plug-Ins/Unity Web Player.plugin Version: UnityPlayer version 3.5.0f4 I need the equivalent data on Linux and Windows to stage the block.
Keywords: qawanted
QA Contact: anthony.s.hughes
Comment 2•10 years ago
|
||
Windows info: Unity Player File: npUnity3D32.dll Path: C:\Users\bsmedberg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll Version: 4.3.4.31067 State: Enabled Unity Player 4.3.4f1 MIME Type Description Suffixes application/vnd.unity Unity Player datafile unity3d I don't see a Linux plugin available.
Comment 3•10 years ago
|
||
Benjamin is correct; Unity does not ship a Linux version of the Web Player.
(In reply to Jorge Villalobos [:jorgev] from comment #1) > I need to know the plugin information for all platforms. Do you just need the latest version or as many versions as we can find?
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #4) > (In reply to Jorge Villalobos [:jorgev] from comment #1) > > I need to know the plugin information for all platforms. > > Do you just need the latest version or as many versions as we can find? I think that between comment #1 and comment #2 there's enough information. Thanks, anyway.
Assignee | ||
Comment 6•10 years ago
|
||
The blocks have been staged: https://addons-dev.allizom.org/en-US/firefox/blocked/p539 https://addons-dev.allizom.org/en-US/firefox/blocked/p541 They are both set for versions 0 to 4.5.0, and currently set with the "update unavailable" option. QA, please test on Windows and Mac OS with the latest version of the plugin installed.
Updated•10 years ago
|
Flags: needinfo?(anthony.s.hughes)
(In reply to Jorge Villalobos [:jorgev] from comment #6) > The blocks have been staged I just tried testing this with Firefox 27.0 on Window 7 64-bit and Unity 4.3.4.31067 and it's not working. Unity demos from http://unity3d.com/gallery/demos/live-demos# continue to load. I do not see the above block IDs in the blocklist file in my profile nor the application folder.
Flags: needinfo?(anthony.s.hughes)
To clarify, my steps are:
1. Start Firefox with a new profile
2. Open about:config
3. Change extensions.blocklist.interval to 10
4. Change extensions.blocklist.itemURL, replacing addons.mozilla.org with addons-dev.allizom.org
5. Restart Firefox
6. Open browser console and execute:
> Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);
7. Load the unity demos
Expected: Unity demos are click-to-play
Result: Unity demos load
Assignee | ||
Comment 9•10 years ago
|
||
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #8) > 4. Change extensions.blocklist.itemURL, replacing addons.mozilla.org with > addons-dev.allizom.org The pref you want to change is extensions.blocklist.url, not extensions.blocklist.itemURL
Comment 10•10 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #9) > The pref you want to change is extensions.blocklist.url, not > extensions.blocklist.itemURL Thanks Jorge. This is now showing as click-to-play on Windows. I'll now test Mac OSX.
Comment 11•10 years ago
|
||
I'm getting a different experience with Mac OSX. When I initially load the demo page I'm presented with the Mixed Content Blocking icon in the awesomebar. After updating the blocklist and reloading the page it's still there. If I click on this icon to allow content the demo loads. This is in contrast to Windows which does not show the Mixed Content Blocking icon and presents me with the Click-to-Play UI instead. I'm not sure how to proceed...
Comment 12•10 years ago
|
||
CCing Paul Silaghi. Paul, if we get an answer/resolution to comment 11 can you please continue the testing overnight? Thank you.
Comment 13•10 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #1) > I need to know the plugin information for all platforms. On Mac OS, here's > what I get for the latest version: > > File: Unity Web Player.plugin > Path: /Library/Internet Plug-Ins/Unity Web Player.plugin > Version: UnityPlayer version 3.5.0f4 > > I need the equivalent data on Linux and Windows to stage the block. The latest Unity version from https://unity3d.com/webplayer is 4.3.4f1, and it's not blocked on FF 27, Mac OS X 10.8.5. (In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #11) > I'm getting a different experience with Mac OSX. > When I initially load the demo page I'm presented with the Mixed Content > Blocking icon in the awesomebar. I can't reproduce this, FF 27, Mac OS X 10.8.5.
Assignee | ||
Comment 14•10 years ago
|
||
I just realized the version string has some text at the start, which breaks the version validation. I just switched to a regular expression test for the description, so we'll need testing again. This is dependent on the string being used in the description, so I think it would be useful to find old version of the plugin on Mac OS to see whether it has changed.
Comment 15•10 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #14) > This is dependent on the string being used in the description, so I think it > would be useful to find old version of the plugin on Mac OS to see whether > it has changed. Paul, can you take care of this on Monday?
Flags: needinfo?(paul.silaghi)
Comment 16•10 years ago
|
||
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #15) > Paul, can you take care of this on Monday? https://wiki.mozilla.org/QA/Plugins/About:Plugins#Unity_Web_Player
Flags: needinfo?(paul.silaghi)
Assignee | ||
Comment 17•10 years ago
|
||
Judging by those results, we can only block the 4.0 branch on Mac OS because that's when they began using the description field. Or we can just drop the restriction and block all versions, including future ones. Benjamin, what do you think?
Flags: needinfo?(benjamin)
Comment 18•10 years ago
|
||
If necessary we should issue blocks for mac-unity with an empty description or if the version is < 4.3.5.
Flags: needinfo?(benjamin)
Assignee | ||
Comment 19•10 years ago
|
||
OK, the staged block now should cover empty descriptions and anything < 4.3.5 on Mac OS. QA, please test again.
Comment 20•10 years ago
|
||
Works fine, with one exception (latest version): File: npUnity3D32.dll Path: C:\Users\paul.silaghi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll Version: 4.3.5.32006 State: Enabled (STATE_VULNERABLE_NO_UPDATE) Unity Player 4.3.5f1 - is blocked on Windows while File: Unity Web Player.plugin Path: /Library/Internet Plug-Ins/Unity Web Player.plugin Version: UnityPlayer version 4.3.5f1 State: Enabled Unity Web Player version 4.3.5f1. (c) 2013 Unity Technologies ApS. All rights reserved. - is not blocked on Mac OSX
Assignee | ||
Comment 21•10 years ago
|
||
Yes, I initially thought the block should go up to version 4.5.0. I just fixed that, and I'm moving the blocks to prod.
Assignee | ||
Comment 22•10 years ago
|
||
The blocks are now live: https://addons.mozilla.org/en-US/firefox/blocked/p556 https://addons.mozilla.org/en-US/firefox/blocked/p558
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-02-25
Comment 23•10 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #22) > The blocks are now live: > https://addons.mozilla.org/en-US/firefox/blocked/p556 > https://addons.mozilla.org/en-US/firefox/blocked/p558 I won't have time to test this today since I'm focused on testing Firefox 28.0b6 so we can ship today. Paul, can you test the live blocks tonight?
Comment 24•10 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #21) > Yes, I initially thought the block should go up to version 4.5.0. I just > fixed that, and I'm moving the blocks to prod. Now, besides 4.3.5, 4.3.4 is also not blocked on Windows. File: npUnity3D32.dll Path: C:\Users\paul.silaghi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll Version: 4.3.4.31067 State: Enabled Unity Player 4.3.4f1 Everything is ok on Mac.
Flags: needinfo?(paul.silaghi)
Assignee | ||
Comment 25•10 years ago
|
||
Made a small correction that should block 4.3.4 on Windows. Please check it again (no rush).
Flags: needinfo?(paul.silaghi)
Comment 26•10 years ago
|
||
Unity Player < 4.3.5 is now blocked correctly on Windows and Mac OS X. Verified fixed.
Comment 27•10 years ago
|
||
Tomcat, can you please make an equivalent change in plugincheck?
Flags: needinfo?(cbook)
Comment 28•10 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #27) > Tomcat, can you please make an equivalent change in plugincheck? done and pushed, thanks for the information guys
Flags: needinfo?(cbook)
Comment 29•10 years ago
|
||
(In reply to Carsten Book [:Tomcat] from comment #28) > done and pushed, thanks for the information guys Strangely enough "plugincheck" lists "Unity PlayerUnity Player 4.3.3f1" (Windows) as "Vulnerable" but the entry itself is under the "Unknown Plugin" heading (with a "Research" button). MAybe thats related to the "no update available" attribute?
Flags: needinfo?(cbook)
Updated•10 years ago
|
Flags: needinfo?(cbook)
Comment 30•10 years ago
|
||
Unity is up to 4.5.5. Is this version still vulnerable? Either way, the data for the page https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p556 needs to be updated to either include the current version or allow updating to the current version.
Comment 31•10 years ago
|
||
Yes, 4.5.5 is still vulnerable and should be at least click-to-play.
Comment 32•9 years ago
|
||
was a fix ever found for this bug?
Comment 33•9 years ago
|
||
5.0.3f2 is still vulnerable and should be click-to-play 5.2.0f3 has fixed the problems I know about.
Flags: needinfo?(jorge)
Assignee | ||
Comment 34•9 years ago
|
||
What's the lowest version that isn't vulnerable?
Flags: needinfo?(jorge)
Comment 35•9 years ago
|
||
Scratch that, it should all be click to play. I'll update #967954.
Assignee | ||
Comment 36•9 years ago
|
||
Okay, so I'm updating the blocks to cover the following: 4.6.6f1 and lower 5.0 to 5.0.3f1
Comment 37•8 years ago
|
||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•