Closed Bug 980772 Opened 7 years ago Closed 7 years ago

White listing of McAfee Security Scanner + NPAPI plug in


(Firefox Graveyard :: Plugin Click-To-Activate Whitelist, defect)

Not set


(Not tracked)

Firefox 30


(Reporter: shilin_nk, Assigned: benjamin)


(Whiteboard: application complete - accepted - qa complete)

Plugin name: McAfee Security Scanner
Vendor: McAfee
Point of contact:
Current version:
Download URL: 
Sample URL of plugin in use: 

Plugin details:

McAfee Security Scanner
File: npMcAfeeMSS.dll
Path: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
State: Enabled
McAfee MSS+ NPAPI Plugin
MIME Type	Description	Suffixes
application/mcafeeMssPlus-plugin	npMcAfeeMss	

Are there any variations in the plugin file name, MIME types, description, or version from one release to the next?

Are there any known security issues in current or older versions of the plugin?
Millions of Firefox users have already installed MSS+.  Therefore our plug-in helps prevents unnecessary downloads of our product and streamlines their web browsing experience.
What does the plugin itself do for users or websites?
Flags: needinfo?(shilin_nk)
Role of Plugin :  
NPAPI Plug-in lets Adobe® installers to detect McAfee Security Scan+ software on the PC.

Why MSS+ Plugin can be whitelisted: 
NPAPI plug-in helps Adobe installer page to detect if McAfee Security Scan+ software is installed on the PC. It just satisfies the basic stub plugin implementation for NP_GetEntryPoints/NP_Initialize/NP_Shutdown/NP_GetMIMEDescription.
Only key Implementation is MIME description which returns the name of plugin as application/mcafeeMssPlus-plugin. Considering the functionality of the Plugin described, we are requesting for whitelisting the plugin for now.  

Plan of Action for deprecate Plugin:
Considering Mozilla’s stand on Plugin free browser, McAfee plans to deprecate the MSS+ NPAPI plugin and develop an extension/SDK, which would open up some form of API that allows a page to automatically detect MSS+ on a PC. This plan of action will be executed in 1-2 months of timeframe NPAPI plug-in’s whitelisting.
Ever confirmed: true
Flags: needinfo?(shilin_nk)
Whiteboard: application complete
Whiteboard: application complete → application complete - accepted
Builds for testing are now available at

Please do a QA pass using a new Firefox profile to ensure that the plugin activates without a popup and appears as "Always Activate" in the addon manager. Report back in this bug when QA is complete. Please try to complete QA by the end of this week.
Flags: needinfo?(shilin_nk)
We have completed all testing, whitelisting works as expected.
Flags: needinfo?(shilin_nk)
Whiteboard: application complete - accepted → application complete - accepted - qa complete
Fixed for Firefox 30 beta in bug 992995.
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 30
MSS itself is vulnerable: see <>
Firefox should not allow its users to infect their PCs with MSS!
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.