Closed
Bug 989981
Opened 11 years ago
Closed 11 years ago
The plugin is about describing experience, work, relationship with some persons, describing experience with the sites.
Categories
(Firefox Graveyard :: Plugin Click-To-Activate Whitelist, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: searchency, Assigned: benjamin)
Details
Plugin name: Searchency
Vendor: http://searchency.com
Point of contact: searchency@gmail.com
Current version: 1.0
Download URL: http://by.searchency.com/downloads/last
Sample URL of plugin in use:
a) Please login the page http://by.searchency.com/searchency
Credentials are:
a.1) Account is testacc
a.2) Password is pKbH65TD
c) Please check page http://www.mamba.ru/en/mb946295495?hit=10
d) Please click special Searchency user icon
e) Please set user rate and comment if you like and click special form button
f) Please refresh the page and check user's scores
Plugin details:
Windows XP
Enabled plugins
Find updates for installed plugins at mozilla.com/plugincheck
Java(TM) Platform SE 7 U45
File: npjp2.dll
Path: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
Version: 10.45.2.18
State: Disabled
Next Generation Java Plug-in 10.45.2 for Mozilla browsers
MIME Type Description Suffixes
application/x-java-applet Java Applet
application/x-java-bean JavaBeans
application/x-java-vm
application/x-java-applet;version=1.1.1
application/x-java-bean;version=1.1.1
application/x-java-applet;version=1.1
application/x-java-bean;version=1.1
application/x-java-applet;version=1.2
application/x-java-bean;version=1.2
application/x-java-applet;version=1.1.3
application/x-java-bean;version=1.1.3
application/x-java-applet;version=1.1.2
application/x-java-bean;version=1.1.2
application/x-java-applet;version=1.3
application/x-java-bean;version=1.3
application/x-java-applet;version=1.2.2
application/x-java-bean;version=1.2.2
application/x-java-applet;version=1.2.1
application/x-java-bean;version=1.2.1
application/x-java-applet;version=1.3.1
application/x-java-bean;version=1.3.1
application/x-java-applet;version=1.4
application/x-java-bean;version=1.4
application/x-java-applet;version=1.4.1
application/x-java-bean;version=1.4.1
application/x-java-applet;version=1.4.2
application/x-java-bean;version=1.4.2
application/x-java-applet;version=1.5
application/x-java-bean;version=1.5
application/x-java-applet;version=1.6
application/x-java-bean;version=1.6
application/x-java-applet;version=1.7
application/x-java-bean;version=1.7
application/x-java-applet;jpi-version=1.7.0_45
application/x-java-bean;jpi-version=1.7.0_45
application/x-java-vm-npruntime
application/x-java-applet;deploy=10.45.2
application/x-java-applet;javafx=2.2.45
Java Deployment Toolkit 7.0.450.18
File: npdeployJava1.dll
Path: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
Version: 10.45.2.18
State: Disabled (STATE_VULNERABLE_NO_UPDATE)
NPRuntime Script Plug-in Library for Java(TM) Deploy
MIME Type Description Suffixes
application/java-deployment-toolkit
VLC Web Plugin
File: npvlc.dll
Path: C:\Program Files\VideoLAN\VLC\npvlc.dll
Version: 2.1.0.0
State: Disabled
VLC media player Web Plugin 2.1.0
MIME Type Description Suffixes
audio/mpeg MPEG audio mp2,mp3,mpga,mpega
audio/x-mpeg MPEG audio mp2,mp3,mpga,mpega
video/mpeg MPEG video mpg,mpeg,mpe
video/x-mpeg MPEG video mpg,mpeg,mpe
video/mpeg-system MPEG video mpg,mpeg,mpe,vob
video/x-mpeg-system MPEG video mpg,mpeg,mpe,vob
audio/mp4 MPEG-4 audio aac,mp4,mpg4
audio/x-m4a MPEG-4 audio m4a
video/mp4 MPEG-4 video mp4,mpg4
application/mpeg4-iod MPEG-4 video mp4,mpg4
application/mpeg4-muxcodetable MPEG-4 video mp4,mpg4
video/x-m4v MPEG-4 video m4v
video/x-msvideo AVI video avi
application/ogg Ogg stream ogg
video/ogg Ogg video ogv
application/x-ogg Ogg stream ogg
application/x-vlc-plugin VLC plug-in
video/x-ms-asf-plugin Windows Media Video asf,asx
video/x-ms-asf Windows Media Video asf,asx
application/x-mplayer2 Windows Media
video/x-ms-wmv Windows Media wmv
video/x-ms-wvx Windows Media Video wvx
audio/x-ms-wma Windows Media Audio wma
application/x-google-vlc-plugin Google VLC plug-in
audio/wav WAV audio wav
audio/x-wav WAV audio wav
audio/3gpp 3GPP audio 3gp,3gpp
video/3gpp 3GPP video 3gp,3gpp
audio/3gpp2 3GPP2 audio 3g2,3gpp2
video/3gpp2 3GPP2 video 3g2,3gpp2
video/divx DivX video divx
video/flv FLV video flv
video/x-flv FLV video flv
application/x-matroska Matroska video mkv
video/x-matroska Matroska video mkv
audio/x-matroska Matroska audio mka
application/xspf+xml Playlist xspf xspf
audio/x-mpegurl MPEG audio m3u
video/webm WebM video webm
audio/webm WebM audio webm
application/vnd.rn-realmedia Real Media File rm
audio/x-realaudio Real Media Audio ra
audio/amr AMR audio amr
audio/x-flac FLAC audio flac
Adobe Acrobat
File: nppdf32.dll,nppdf32.dll
Path: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll,C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Version: 11.0.4.63
State: Disabled
Adobe PDF Plug-In For Firefox and Netscape 11.0.04
MIME Type Description Suffixes
application/pdf Acrobat Portable Document Format pdf
application/vnd.adobe.pdfxml Adobe PDF in XML Format pdfxml
application/vnd.adobe.x-mars Adobe PDF in XML Format mars
application/vnd.fdf Acrobat Forms Data Format fdf
application/vnd.adobe.xfdf XML Version of Acrobat Forms Data Format xfdf
application/vnd.adobe.xdp+xml Acrobat XML Data Package xdp
application/vnd.adobe.xfd+xml Adobe FormFlow99 Data File xfd
application/pdf Acrobat Portable Document Format pdf
application/vnd.adobe.pdfxml Adobe PDF in XML Format pdfxml
application/vnd.adobe.x-mars Adobe PDF in XML Format mars
application/vnd.fdf Acrobat Forms Data Format fdf
application/vnd.adobe.xfdf XML Version of Acrobat Forms Data Format xfdf
application/vnd.adobe.xdp+xml Acrobat XML Data Package xdp
application/vnd.adobe.xfd+xml Adobe FormFlow99 Data File xfd
Shockwave Flash
File: NPSWF32_11_7_700_224.dll
Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
Version: 11.7.700.224
State: Disabled
Shockwave Flash 11.7 r700
MIME Type Description Suffixes
application/x-shockwave-flash Adobe Flash movie swf
application/futuresplash FutureSplash movie spl
Microsoft® DRM
File: npdrmv2.dll
Path: C:\Program Files\Windows Media Player\npdrmv2.dll
Version: 9.0.0.4503
State: Disabled
DRM Netscape Network Object
MIME Type Description Suffixes
application/x-drm-v2 Network Interface Plugin nip
Windows Media Player Plug-in Dynamic Link Library
File: npdsplay.dll
Path: C:\Program Files\Windows Media Player\npdsplay.dll
Version: 3.0.2.629
State: Disabled
Npdsplay dll
MIME Type Description Suffixes
application/asx Media Files *
video/x-ms-asf-plugin Media Files *
application/x-mplayer2 Media Files *
video/x-ms-asf Media Files asf,asx,*
video/x-ms-wm Media Files wm,*
audio/x-ms-wma Media Files wma,*
audio/x-ms-wax Media Files wax,*
video/x-ms-wmv Media Files wmv,*
video/x-ms-wvx Media Files wvx,*
Microsoft® DRM
File: npwmsdrm.dll
Path: C:\Program Files\Windows Media Player\npwmsdrm.dll
Version: 9.0.0.4503
State: Disabled
DRM Store Netscape Plugin
MIME Type Description Suffixes
application/x-drm Network Interface Plugin nip
Rating
Delete
Windows 7 - the same
Windows 8 - the same
Are there any variations in the plugin file name, MIME types, description, or version from one release to the next?
a.1) At May, 15 2014 we plan to rid the binary libraries (dlls) off the plugin and to place Emscripten-compilant code instead, so we plan to rid the next files:
a.1.1) searchency@bzivev.com\chrome\content\libs\winx86\libwebp.dll
a.1.2) searchency@bzivev.com\chrome\content\libs\winx86\libgcc_s_dw2-1.dll
a.1.3) searchency@bzivev.com\chrome\content\libs\winx86\libssp-0.dll
a.1.4) searchency@bzivev.com\chrome\content\libs\winx86\glut32.dll
a.1.5) searchency@bzivev.com\chrome\content\libs\winx86\zlib1.dll
a.1.6) searchency@bzivev.com\chrome\content\libs\winx86\jpeg62.dll
a.1.7) searchency@bzivev.com\chrome\content\libs\winx86\libtiff3.dll
a.1.8) searchency@bzivev.com\chrome\content\libs\winx86
a.1.9) searchency@bzivev.com\chrome\content\libs
a.2) At May,1 2014 we plan to avoid using the JQuery library, so we plan to rid next files off the plugin:
a.2.1) searchency@bzivev.com\chrome\content\jquery.min.js
a.2.2) searchency@bzivev.com\chrome\content\jquery.knob.js
a.2.3) searchency@bzivev.com\chrome\content\jquery-ui.js
a.2.4) searchency@bzivev.com\chrome\content\jquery.formstyler.js
b) MIME types the same
c) Description the same
d) Version variations planned
d.1) Version 1.1 at May, 1 2014
d.2) Version 1.5 at June, 1 2014
Are there any known security issues in current or older versions of the plugin?
Regarding the facts listed below here are no security issues in the Searchency plugin:
a) JavaScript code doesn't use here eval JavaScript function calls
b) Clientside WebP convertor library is about native Google sources had been rebuilt
c) Clientside WebP convertor library uses libssp-0 stack-smash protection library
Assignee | ||
Comment 1•11 years ago
|
||
You seem to be talking about a specific application of the Java plugin. We are only accepting plugin whitelist requests from plugin vendors, and Java is not a candidate for the whitelist.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 2•11 years ago
|
||
Greetings,
I'm presenting the vendor company of the Plugin.
I'm sorry but it’s not too clear for me, what is your note about Java nature of the plugin is based on. The Plugin used only technologies on plugin development are JavaScript-based scripts and js-ctypes libraries binding.
Please confirm that you are referring specifically to my plugin, not the other one. Please let me know is something wrong with the Plugin.
Thank you,
Best regards,
CEO Maksim Rudzenka
Assignee | ||
Comment 3•11 years ago
|
||
This whitelist is about NPAPI plugins only, and has nothing to do with javascript or ctypes.
Reporter | ||
Comment 4•11 years ago
|
||
Greetings,
Please let me know is it right own-developed XPI Firefox extension would not be blocked on terms of Mozilla Click-to-Activate Policy?
Thank you,
Best regards,
CEO Maksim Rudzenka
Assignee | ||
Comment 5•11 years ago
|
||
The plugin policy has nothing to do with extensions.
Updated•9 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•