plugin whitelist

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

plugin whitelist

Marcin Pijanowski
Hello,

 

I want to add plugin to whitelist. Can you write to me how to add plugins to
whitelist. What should I do? Can you describe all the necessary steps?

 

 

--

 

Marcin Pijanowski

 

tel. +48 12 684 8365
website:  <http://www.comarch.pl/> www.comarch.pl

 

_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins
Reply | Threaded
Open this post in threaded view
|

Re: plugin whitelist

Georg Fritzsche-3
Hi Marcin,

on the wiki page on the policy [1], you need to follow the link to the bug template from point 2.
This will give you a bug form with some information required to fill in in the “Description” field.

Is anything specifically unclear there?

Georg

[1] https://wiki.mozilla.org/Plugins/Firefox_Whitelist

On 05 Mar 2014, at 12:17, Marcin Pijanowski <[hidden email]> wrote:

> I want to add plugin to whitelist. Can you write to me how to add plugins to
> whitelist. What should I do? Can you describe all the necessary steps?

_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins
Reply | Threaded
Open this post in threaded view
|

Re: plugin whitelist

Georg Fritzsche-3
Please follow the link from the wiki page to the bug template [1], then you will get
a pre-filled bug form with questions to fill out.

Georg

[1] https://bugzilla.mozilla.org/enter_bug.cgi?alias=&assigned_to=benjamin%40smedbergs.us&attach_text=&blocked=&bug_file_loc=&bug_ignored=0&bug_severity=normal&bug_status=NEW&cf_blocking_b2g=---&cf_crash_signature=&cf_status_b2g18=---&cf_status_b2g_1_1_hd=---&cf_status_b2g_1_2=---&cf_status_b2g_1_3=---&cf_status_b2g_1_3t=---&cf_status_b2g_1_4=---&cf_status_firefox27=---&cf_status_firefox28=---&cf_status_firefox29=---&cf_status_firefox30=---&cf_status_firefox_esr24=---&cf_tracking_b2g18=---&cf_tracking_b2g_v1_2=---&cf_tracking_b2g_v1_3=---&cf_tracking_firefox27=---&cf_tracking_firefox28=---&cf_tracking_firefox29=---&cf_tracking_firefox30=---&cf_tracking_firefox_esr24=---&cf_tracking_firefox_relnote=---&cf_tracking_relnote_b2g=---&comment=%3C%3CPlease%20supply%20the%20following%20information%20for%20new%20plugin%20whitelist%20requests%3E%3E%0D%0A%0D%0APlugin%20name%3A%20%0D%0AVendor%3A%20%0D%0APoint%20of%20contact%3A%20%0D%0ACurrent%20version%3A%20%0D%0ADownload%20URL%3A%20%0D%0ASample%20URL%20of%20plugin%20in%20use%3A%20%20%0D%0A%0D%0APlugin%20details%3A%0D%0A%0D%0A%3C%3CFor%20each%20affected%20operating%20system%2C%20please%20copy%20the%20plugin%20information%20from%20about%3Aplugins%20in%20Firefox%3E%3E%0D%0A%0D%0AAre%20there%20any%20variations%20in%20the%20plugin%20file%20name%2C%20MIME%20types%2C%20description%2C%20or%20version%20from%20one%20release%20to%20the%20next%3F%0D%0A%0D%0AAre%20there%20any%20known%20security%20issues%20in%20current%20or%20older%20versions%20of%20the%20plugin%3F&component=Plugin%20Click-To-Activate%20Whitelist&contenttypeentry=&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&data=&defined_groups=1&dependson=&description=&flag_type-203=X&flag_type-37=X&flag_type-41=X&flag_type-5=X&flag_type-607=X&flag_type-720=X&flag_type-721=X&flag_type-737=X&flag_type-748=X&flag_type-781=X&flag_type-787=X&flag_type-791=X&flag_type-799=X&flag_type-800=X&flag_type-803=X&flag_type-809=X&flag_type-825=X&flag_type-835=X&flag_type-836=X&flag_type-842=X&form_name=enter_bug&keywords=&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=All&priority=--&product=Firefox&qa_contact=&rep_platform=All&requestee_type-203=&requestee_type-41=&requestee_type-5=&requestee_type-607=&requestee_type-748=&requestee_type-781=&requestee_type-787=&requestee_type-791=&requestee_type-800=&short_desc=&status_whiteboard=&target_milestone=---&version=Trunk


On 05 Mar 2014, at 13:01, Marcin Pijanowski <[hidden email]> wrote:

> Hi Georg,
>  
> I typed one sentence describing the problem.
>  
> <image002.png>
>  
> Next I click “My issue is not listed” I went through step 2, now I am in step 3 and I have to fill in the table below and submit bug, yes?
>  
> <image001.png>
>  
>  
> -----Original Message-----
> From: dev-tech-plugins [mailto:dev-tech-plugins-bounces+marcin.pijanowski=[hidden email]] On Behalf Of Georg Fritzsche
> Sent: Wednesday, March 05, 2014 12:39 PM
> To: Marcin Pijanowski
> Cc: [hidden email]
> Subject: Re: plugin whitelist
>  
> Hi Marcin,
>  
> on the wiki page on the policy [1], you need to follow the link to the bug template from point 2.
> This will give you a bug form with some information required to fill in in the “Description” field.
>  
> Is anything specifically unclear there?
>  
> Georg
>  
> [1] https://wiki.mozilla.org/Plugins/Firefox_Whitelist
>  
> On 05 Mar 2014, at 12:17, Marcin Pijanowski <[hidden email]> wrote:
>  
> > I want to add plugin to whitelist. Can you write to me how to add
> > plugins to whitelist. What should I do? Can you describe all the necessary steps?
>  
> _______________________________________________
> dev-tech-plugins mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-plugins

_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins
Reply | Threaded
Open this post in threaded view
|

Re: plugin whitelist

Benjamin Smedberg
In reply to this post by Marcin Pijanowski
On 3/5/2014 6:17 AM, Marcin Pijanowski wrote:
> Hello,
>
>  
>
> I want to add plugin to whitelist. Can you write to me how to add plugins to
> whitelist. What should I do? Can you describe all the necessary steps?
I think you need to be a little more specific. Note that the recently
announced whitelist is something that plugin vendors apply for. If you
are the creator of the plugin you want whitelisted, please follow the
instructions and link at
https://wiki.mozilla.org/Plugins/Firefox_Whitelist to apply.

If you are just a user who wants to enable a plugin, you should be able
to do that within Firefox by visiting the site, clicking the plugin, and
choosing "always for this site". Or you could choose to enable that
plugin for all sites by changing the setting in the addon manager.

--BDS

_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins
Reply | Threaded
Open this post in threaded view
|

Re: Plugin whitelist

David E. Ross-3
In reply to this post by Marcin Pijanowski
On 3/3/2014 11:43 AM, Benjamin Smedberg wrote:

> On Friday Chad posted and blogged about our proposed plugin whitelisting
> policy.
>
> https://wiki.mozilla.org/Plugins/Firefox_Whitelist
> https://blog.mozilla.org/security/2014/02/28/update-on-plugin-activation/
>
> The primary goal of this policy is to give plugin vendors who are
> working on moving towards HTML5 solution some additional time to make
> the transition, as well as providing feedback from plugin vendors to our
> web API teams about features missing from the web platform. We will
> continue to preserve user security by keeping engineering and QA
> contacts for each plugin vendor.
>
> Please ask questions/provide feedback by replying to
> mozilla.dev.tech.plugins.
>
> --BDS
>

Can users whitelist plugins that are identified in the user's Helper
Applications list?  Will this be automated?

Can I whitelist plugins globally instead of for specified URIs?  I have
some plugins that are used by a large number of Web sites.  It appears
that the AVG SiteSafety plugin (npsitesafety.dll) operates on ALL Web
sites.

My concern is about non-Mozilla developers who do not want to bother
with applying for whitelisting but whose products are quite useful.

--

David E. Ross
<http://www.rossde.com/>

On occasion, I filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam, flames, and trolling from that source.
_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins
Reply | Threaded
Open this post in threaded view
|

Re: Plugin whitelist

Benjamin Smedberg
On 3/6/14 6:14 PM, David E. Ross wrote:
> Can users whitelist plugins that are identified in the user's Helper
> Applications list?
If they are actually plugins and show up in the addon manager, yes.
>    Will this be automated?
I'm not sure exactly what this means, but I'm guessing the answer is
"no, probably not".
>
> Can I whitelist plugins globally instead of for specified URIs?
Yes, unless the plugin is "known insecure" in the blocklist. The user
can go into the addon manager and switch any plugin from "Ask to
Activate" to "Always Activate".
>    I have
> some plugins that are used by a large number of Web sites.  It appears
> that the AVG SiteSafety plugin (npsitesafety.dll) operates on ALL Web
> sites.
That is surprising and probably indicates that AVG is injecting content
into the page, which I would say is a compatibility and security hazard.
In any case the above answer still applies.

--BDS

_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins
Reply | Threaded
Open this post in threaded view
|

Re: Plugin whitelist

David E. Ross-3
In reply to this post by David E. Ross-3
On 3/6/2014 3:29 PM, Benjamin Smedberg wrote [in part]:
> On 3/6/14 6:14 PM, I previously wrote [also in part]:
>> It appears
>> that the AVG SiteSafety plugin (npsitesafety.dll) operates on ALL Web
>> sites.
> That is surprising and probably indicates that AVG is injecting content
> into the page, which I would say is a compatibility and security hazard.
> In any case the above answer still applies.

Actually, the AVG SiteSafety plugin is supposed to alert me when I
attempt to view a hazardous Web site.  AVG calls this "Link Protection",
which involves scans of Web, Twitter, & Facebook links.

--

David E. Ross
<http://www.rossde.com/>

On occasion, I filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam, flames, and trolling from that source.
_______________________________________________
dev-tech-plugins mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-plugins