Closed
Bug 980772
Opened 10 years ago
Closed 10 years ago
White listing of McAfee Security Scanner + NPAPI plug in
Categories
(Firefox Graveyard :: Plugin Click-To-Activate Whitelist, defect)
Firefox Graveyard
Plugin Click-To-Activate Whitelist
Tracking
(Not tracked)
VERIFIED
FIXED
Firefox 30
People
(Reporter: shilin_nk, Assigned: benjamin)
Details
(Whiteboard: application complete - accepted - qa complete)
Plugin name: McAfee Security Scanner Vendor: McAfee Point of contact: shilin_nk@mcafee.com Current version: 3.8.141.0 Download URL: http://home.mcafee.com/store/free-services Sample URL of plugin in use: http://get.adobe.com/reader/ Plugin details: McAfee Security Scanner File: npMcAfeeMSS.dll Path: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll Version: 3.8.141.0 State: Enabled McAfee MSS+ NPAPI Plugin MIME Type Description Suffixes application/mcafeeMssPlus-plugin npMcAfeeMss Are there any variations in the plugin file name, MIME types, description, or version from one release to the next? No Are there any known security issues in current or older versions of the plugin? No
Millions of Firefox users have already installed MSS+. Therefore our plug-in helps prevents unnecessary downloads of our product and streamlines their web browsing experience.
Assignee | ||
Comment 2•10 years ago
|
||
What does the plugin itself do for users or websites?
Flags: needinfo?(shilin_nk)
Role of Plugin : NPAPI Plug-in lets Adobe® installers to detect McAfee Security Scan+ software on the PC. Why MSS+ Plugin can be whitelisted: NPAPI plug-in helps Adobe installer page to detect if McAfee Security Scan+ software is installed on the PC. It just satisfies the basic stub plugin implementation for NP_GetEntryPoints/NP_Initialize/NP_Shutdown/NP_GetMIMEDescription. Only key Implementation is MIME description which returns the name of plugin as application/mcafeeMssPlus-plugin. Considering the functionality of the Plugin described, we are requesting for whitelisting the plugin for now. Plan of Action for deprecate Plugin: Considering Mozilla’s stand on Plugin free browser, McAfee plans to deprecate the MSS+ NPAPI plugin and develop an extension/SDK, which would open up some form of API that allows a page to automatically detect MSS+ on a PC. This plan of action will be executed in 1-2 months of timeframe NPAPI plug-in’s whitelisting.
Assignee | ||
Updated•10 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(shilin_nk)
Assignee | ||
Updated•10 years ago
|
Whiteboard: application complete
Assignee | ||
Updated•10 years ago
|
Whiteboard: application complete → application complete - accepted
Assignee | ||
Comment 4•10 years ago
|
||
Builds for testing are now available at http://people.mozilla.org/~bsmedberg/plugin-whitelisting-91f6f3380041/ Please do a QA pass using a new Firefox profile to ensure that the plugin activates without a popup and appears as "Always Activate" in the addon manager. Report back in this bug when QA is complete. Please try to complete QA by the end of this week.
Flags: needinfo?(shilin_nk)
Assignee | ||
Updated•10 years ago
|
Flags: needinfo?(shilin_nk)
Whiteboard: application complete - accepted → application complete - accepted - qa complete
Assignee | ||
Comment 6•10 years ago
|
||
Fixed for Firefox 30 beta in bug 992995.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•10 years ago
|
Status: RESOLVED → VERIFIED
Updated•10 years ago
|
Target Milestone: --- → Firefox 30
Comment 7•10 years ago
|
||
MSS itself is vulnerable: see <http://seclists.org/fulldisclosure/2014/Apr/226> Firefox should not allow its users to infect their PCs with MSS!
Updated•8 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•