Re: [tor-bugs] #3547 [Tor Browser]: Disable all plugins but flash



#3547: Disable all plugins but flash
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:  mikeperry                    
     Type:  defect       |         Status:  new                          
 Priority:  major        |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Browser  |        Version:                               
 Keywords:               |         Parent:  #2871                        
   Points:  8            |   Actualpoints:                               
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 Some notes:

 The meat of the work is done in nsPluginHost::ScanPluginsDirectory().

 Apparently there is a blocklist service we *could* use from script
 (@mozilla.org/extensions/blocklist;1), but it is only called *after* the
 plugin is already loaded. If the pref plugins.unloadASAP is set, the
 plugin will be forcibly "unloaded" after the blocklist is checked.

 However, if our goal here is to prevent these plugins from loading in the
 first place on the assumption that AV plugins, weird MS plugins, and
 censorship filter plugins will all directly try to patch the Firefox
 binary in memory as soon as they are loaded, the blocklist service is then
 insufficient.

 I would guess that Mozilla would accept a patch to the blocklist service
 that would allow us to block a plugin based on plugin info *before*
 loading, but this requires a lot of plumbing. The mime type and
 description fields in nsPluginInfo (and therefore nsIPluginTag) are filled
 in using NPAPI calls against the library.

 As for minimal hacks... stay tuned..

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3547#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online