Closed Bug 980772 Opened 7 years ago Closed 7 years ago
White listing of Mc
Afee Security Scanner + NPAPI plug in
Plugin name: McAfee Security Scanner Vendor: McAfee Point of contact: email@example.com Current version: 188.8.131.52 Download URL: http://home.mcafee.com/store/free-services Sample URL of plugin in use: http://get.adobe.com/reader/ Plugin details: McAfee Security Scanner File: npMcAfeeMSS.dll Path: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll Version: 184.108.40.206 State: Enabled McAfee MSS+ NPAPI Plugin MIME Type Description Suffixes application/mcafeeMssPlus-plugin npMcAfeeMss Are there any variations in the plugin file name, MIME types, description, or version from one release to the next? No Are there any known security issues in current or older versions of the plugin? No
Millions of Firefox users have already installed MSS+. Therefore our plug-in helps prevents unnecessary downloads of our product and streamlines their web browsing experience.
What does the plugin itself do for users or websites?
Role of Plugin : NPAPI Plug-in lets Adobe® installers to detect McAfee Security Scan+ software on the PC. Why MSS+ Plugin can be whitelisted: NPAPI plug-in helps Adobe installer page to detect if McAfee Security Scan+ software is installed on the PC. It just satisfies the basic stub plugin implementation for NP_GetEntryPoints/NP_Initialize/NP_Shutdown/NP_GetMIMEDescription. Only key Implementation is MIME description which returns the name of plugin as application/mcafeeMssPlus-plugin. Considering the functionality of the Plugin described, we are requesting for whitelisting the plugin for now. Plan of Action for deprecate Plugin: Considering Mozilla’s stand on Plugin free browser, McAfee plans to deprecate the MSS+ NPAPI plugin and develop an extension/SDK, which would open up some form of API that allows a page to automatically detect MSS+ on a PC. This plan of action will be executed in 1-2 months of timeframe NPAPI plug-in’s whitelisting.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: application complete → application complete - accepted
Builds for testing are now available at http://people.mozilla.org/~bsmedberg/plugin-whitelisting-91f6f3380041/ Please do a QA pass using a new Firefox profile to ensure that the plugin activates without a popup and appears as "Always Activate" in the addon manager. Report back in this bug when QA is complete. Please try to complete QA by the end of this week.
We have completed all testing, whitelisting works as expected.
Whiteboard: application complete - accepted → application complete - accepted - qa complete
Fixed for Firefox 30 beta in bug 992995.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
MSS itself is vulnerable: see <http://seclists.org/fulldisclosure/2014/Apr/226> Firefox should not allow its users to infect their PCs with MSS!
You need to log in before you can comment on or make changes to this bug.