Closed Bug 989981 Opened 7 years ago Closed 7 years ago

The plugin is about describing experience, work, relationship with some persons, describing experience with the sites.

Categories

(Firefox Graveyard :: Plugin Click-To-Activate Whitelist, defect)

x86_64
Windows 8
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: searchency, Assigned: benjamin)

Details

Plugin name: Searchency
Vendor: http://searchency.com
Point of contact: searchency@gmail.com
Current version: 1.0
Download URL: http://by.searchency.com/downloads/last
Sample URL of plugin in use:  
a) Please login the page http://by.searchency.com/searchency
Credentials are:
a.1) Account is testacc
a.2) Password is pKbH65TD 
c) Please check page http://www.mamba.ru/en/mb946295495?hit=10
d) Please click special Searchency user icon
e) Please set user rate and comment if you like and click special form button
f) Please refresh the page and check user's scores


Plugin details:

Windows XP
Enabled plugins
Find updates for installed plugins at mozilla.com/plugincheck
Java(TM) Platform SE 7 U45

    File: npjp2.dll
    Path: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    Version: 10.45.2.18
    State: Disabled
    Next Generation Java Plug-in 10.45.2 for Mozilla browsers

MIME Type	Description	Suffixes
application/x-java-applet	Java Applet	
application/x-java-bean	JavaBeans	
application/x-java-vm		
application/x-java-applet;version=1.1.1		
application/x-java-bean;version=1.1.1		
application/x-java-applet;version=1.1		
application/x-java-bean;version=1.1		
application/x-java-applet;version=1.2		
application/x-java-bean;version=1.2		
application/x-java-applet;version=1.1.3		
application/x-java-bean;version=1.1.3		
application/x-java-applet;version=1.1.2		
application/x-java-bean;version=1.1.2		
application/x-java-applet;version=1.3		
application/x-java-bean;version=1.3		
application/x-java-applet;version=1.2.2		
application/x-java-bean;version=1.2.2		
application/x-java-applet;version=1.2.1		
application/x-java-bean;version=1.2.1		
application/x-java-applet;version=1.3.1		
application/x-java-bean;version=1.3.1		
application/x-java-applet;version=1.4		
application/x-java-bean;version=1.4		
application/x-java-applet;version=1.4.1		
application/x-java-bean;version=1.4.1		
application/x-java-applet;version=1.4.2		
application/x-java-bean;version=1.4.2		
application/x-java-applet;version=1.5		
application/x-java-bean;version=1.5		
application/x-java-applet;version=1.6		
application/x-java-bean;version=1.6		
application/x-java-applet;version=1.7		
application/x-java-bean;version=1.7		
application/x-java-applet;jpi-version=1.7.0_45		
application/x-java-bean;jpi-version=1.7.0_45		
application/x-java-vm-npruntime		
application/x-java-applet;deploy=10.45.2		
application/x-java-applet;javafx=2.2.45		
Java Deployment Toolkit 7.0.450.18

    File: npdeployJava1.dll
    Path: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
    Version: 10.45.2.18
    State: Disabled (STATE_VULNERABLE_NO_UPDATE)
    NPRuntime Script Plug-in Library for Java(TM) Deploy

MIME Type	Description	Suffixes
application/java-deployment-toolkit		
VLC Web Plugin

    File: npvlc.dll
    Path: C:\Program Files\VideoLAN\VLC\npvlc.dll
    Version: 2.1.0.0
    State: Disabled
    VLC media player Web Plugin 2.1.0

MIME Type	Description	Suffixes
audio/mpeg	MPEG audio	mp2,mp3,mpga,mpega
audio/x-mpeg	MPEG audio	mp2,mp3,mpga,mpega
video/mpeg	MPEG video	mpg,mpeg,mpe
video/x-mpeg	MPEG video	mpg,mpeg,mpe
video/mpeg-system	MPEG video	mpg,mpeg,mpe,vob
video/x-mpeg-system	MPEG video	mpg,mpeg,mpe,vob
audio/mp4	MPEG-4 audio	aac,mp4,mpg4
audio/x-m4a	MPEG-4 audio	m4a
video/mp4	MPEG-4 video	mp4,mpg4
application/mpeg4-iod	MPEG-4 video	mp4,mpg4
application/mpeg4-muxcodetable	MPEG-4 video	mp4,mpg4
video/x-m4v	MPEG-4 video	m4v
video/x-msvideo	AVI video	avi
application/ogg	Ogg stream	ogg
video/ogg	Ogg video	ogv
application/x-ogg	Ogg stream	ogg
application/x-vlc-plugin	VLC plug-in	
video/x-ms-asf-plugin	Windows Media Video	asf,asx
video/x-ms-asf	Windows Media Video	asf,asx
application/x-mplayer2	Windows Media	
video/x-ms-wmv	Windows Media	wmv
video/x-ms-wvx	Windows Media Video	wvx
audio/x-ms-wma	Windows Media Audio	wma
application/x-google-vlc-plugin	Google VLC plug-in	
audio/wav	WAV audio	wav
audio/x-wav	WAV audio	wav
audio/3gpp	3GPP audio	3gp,3gpp
video/3gpp	3GPP video	3gp,3gpp
audio/3gpp2	3GPP2 audio	3g2,3gpp2
video/3gpp2	3GPP2 video	3g2,3gpp2
video/divx	DivX video	divx
video/flv	FLV video	flv
video/x-flv	FLV video	flv
application/x-matroska	Matroska video	mkv
video/x-matroska	Matroska video	mkv
audio/x-matroska	Matroska audio	mka
application/xspf+xml	Playlist xspf	xspf
audio/x-mpegurl	MPEG audio	m3u
video/webm	WebM video	webm
audio/webm	WebM audio	webm
application/vnd.rn-realmedia	Real Media File	rm
audio/x-realaudio	Real Media Audio	ra
audio/amr	AMR audio	amr
audio/x-flac	FLAC audio	flac
Adobe Acrobat

    File: nppdf32.dll,nppdf32.dll
    Path: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll,C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
    Version: 11.0.4.63
    State: Disabled
    Adobe PDF Plug-In For Firefox and Netscape 11.0.04

MIME Type	Description	Suffixes
application/pdf	Acrobat Portable Document Format	pdf
application/vnd.adobe.pdfxml	Adobe PDF in XML Format	pdfxml
application/vnd.adobe.x-mars	Adobe PDF in XML Format	mars
application/vnd.fdf	Acrobat Forms Data Format	fdf
application/vnd.adobe.xfdf	XML Version of Acrobat Forms Data Format	xfdf
application/vnd.adobe.xdp+xml	Acrobat XML Data Package	xdp
application/vnd.adobe.xfd+xml	Adobe FormFlow99 Data File	xfd
application/pdf	Acrobat Portable Document Format	pdf
application/vnd.adobe.pdfxml	Adobe PDF in XML Format	pdfxml
application/vnd.adobe.x-mars	Adobe PDF in XML Format	mars
application/vnd.fdf	Acrobat Forms Data Format	fdf
application/vnd.adobe.xfdf	XML Version of Acrobat Forms Data Format	xfdf
application/vnd.adobe.xdp+xml	Acrobat XML Data Package	xdp
application/vnd.adobe.xfd+xml	Adobe FormFlow99 Data File	xfd
Shockwave Flash

    File: NPSWF32_11_7_700_224.dll
    Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
    Version: 11.7.700.224
    State: Disabled
    Shockwave Flash 11.7 r700

MIME Type	Description	Suffixes
application/x-shockwave-flash	Adobe Flash movie	swf
application/futuresplash	FutureSplash movie	spl
Microsoft® DRM

    File: npdrmv2.dll
    Path: C:\Program Files\Windows Media Player\npdrmv2.dll
    Version: 9.0.0.4503
    State: Disabled
    DRM Netscape Network Object

MIME Type	Description	Suffixes
application/x-drm-v2	Network Interface Plugin	nip
Windows Media Player Plug-in Dynamic Link Library

    File: npdsplay.dll
    Path: C:\Program Files\Windows Media Player\npdsplay.dll
    Version: 3.0.2.629
    State: Disabled
    Npdsplay dll

MIME Type	Description	Suffixes
application/asx	Media Files	*
video/x-ms-asf-plugin	Media Files	*
application/x-mplayer2	Media Files	*
video/x-ms-asf	Media Files	asf,asx,*
video/x-ms-wm	Media Files	wm,*
audio/x-ms-wma	Media Files	wma,*
audio/x-ms-wax	Media Files	wax,*
video/x-ms-wmv	Media Files	wmv,*
video/x-ms-wvx	Media Files	wvx,*
Microsoft® DRM

    File: npwmsdrm.dll
    Path: C:\Program Files\Windows Media Player\npwmsdrm.dll
    Version: 9.0.0.4503
    State: Disabled
    DRM Store Netscape Plugin

MIME Type	Description	Suffixes
application/x-drm	Network Interface Plugin	nip
Rating

Delete

Windows 7 - the same
Windows 8 - the same



Are there any variations in the plugin file name, MIME types, description, or version from one release to the next?
a.1) At May, 15 2014 we plan to rid the binary libraries  (dlls) off the plugin and to place Emscripten-compilant code instead, so we plan to rid the next files:
a.1.1) searchency@bzivev.com\chrome\content\libs\winx86\libwebp.dll
a.1.2) searchency@bzivev.com\chrome\content\libs\winx86\libgcc_s_dw2-1.dll
a.1.3) searchency@bzivev.com\chrome\content\libs\winx86\libssp-0.dll
a.1.4) searchency@bzivev.com\chrome\content\libs\winx86\glut32.dll
a.1.5) searchency@bzivev.com\chrome\content\libs\winx86\zlib1.dll
a.1.6) searchency@bzivev.com\chrome\content\libs\winx86\jpeg62.dll
a.1.7) searchency@bzivev.com\chrome\content\libs\winx86\libtiff3.dll
a.1.8) searchency@bzivev.com\chrome\content\libs\winx86
a.1.9) searchency@bzivev.com\chrome\content\libs

a.2) At May,1 2014 we plan to avoid using the JQuery library, so we plan to rid next files off the plugin:
a.2.1) searchency@bzivev.com\chrome\content\jquery.min.js
a.2.2) searchency@bzivev.com\chrome\content\jquery.knob.js
a.2.3) searchency@bzivev.com\chrome\content\jquery-ui.js
a.2.4) searchency@bzivev.com\chrome\content\jquery.formstyler.js



b) MIME types the same
c) Description the same
d) Version variations planned
d.1) Version 1.1 at May, 1 2014
d.2) Version 1.5 at June, 1 2014



Are there any known security issues in current or older versions of the plugin?

Regarding the facts listed below here are no security issues in the Searchency plugin:
a) JavaScript code doesn't use here eval JavaScript function calls
b) Clientside WebP convertor library is about native Google sources had been rebuilt
c) Clientside WebP convertor library uses libssp-0 stack-smash protection library
You seem to be talking about a specific application of the Java plugin. We are only accepting plugin whitelist requests from plugin vendors, and Java is not a candidate for the whitelist.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Greetings,

I'm presenting the vendor company of the Plugin.
I'm sorry but it’s not too clear for me, what is your note about Java nature of the plugin is based on. The Plugin used only technologies on plugin development are JavaScript-based scripts and js-ctypes libraries binding.
Please confirm that you are referring specifically to my plugin, not the other one. Please let me know is something wrong with the Plugin.

Thank you,
Best regards,
CEO Maksim Rudzenka
This whitelist is about NPAPI plugins only, and has nothing to do with javascript or ctypes.
Greetings,

Please let me know is it right own-developed XPI Firefox extension would not be blocked on terms of Mozilla Click-to-Activate Policy?

Thank you,
Best regards,
CEO Maksim Rudzenka
The plugin policy has nothing to do with extensions.
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.