Bug 491543
Summary: | Firefox is reenabling disabled plugins | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bruno Wolff III <bruno> |
Component: | firefox | Assignee: | Martin Stransky <stransky> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 11 | CC: | agk, chkr, gecko-bugs-nobody, mcepl, stransky, walters |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Type: | Bug Fix | ||
Last Closed: | 2010-06-28 11:32:30 UTC | Type: | --- |
Description
Bruno Wolff III
2009-03-22 20:36:33 UTC
Thanks for the bug report. We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue.

First of all, could we get output of the command

    rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*

Do you use nspluginwrapper (it is default in all Fedoras)? If so, then your ls command is not conclusive. Could we get please output of the command

    mozilla-plugin-config -l

pasted here into a comment?

We will review this issue again once you've had a chance to attach this information. Thanks in advance.

I am not sure what you mean by "use" nspluginwrapper? I don't believe I have disabled it. However my intention is not to run any plugins with firefox. If it isn't an image, text, html, xml, xhtml or css I want it to offer a download, not try to run an app to process the object. So in that sense I shouldn't be using it.

[root@cerberus bruno]# rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*
claws-mail-plugins-vcalendar-3.7.1-2.fc11.x86_64
totem-mozplugin-2.26.1-2.fc11.x86_64
gnumeric-plugins-extras-1.8.4-1.fc11.x86_64
plymouth-plugin-pulser-0.7.0-0.2009.03.10.2.fc11.x86_64
gstreamer-plugins-schroedinger-1.0.6-1.fc11.x86_64
xfce4-timer-plugin-0.6.1-3.fc11.x86_64
yum-plugin-list-data-1.1.21-2.fc11.noarch
gstreamer-plugins-bad-0.10.11-3.fc11.x86_64
gstreamer-plugins-ugly-0.10.11-1.fc11.x86_64
gstreamer-plugins-base-devel-0.10.22-2.fc11.x86_64
xfce4-eyes-plugin-4.4.0-6.fc11.x86_64
xfce4-smartbookmark-plugin-0.4.2-8.fc11.x86_64
xfce4-websearch-plugin-0.1.1-0.10.20070428svn2704.fc11.x86_64
xfce4-time-out-plugin-0.1.1-3.fc11.x86_64
gutenprint-plugin-5.2.3-5.fc11.x86_64
xfce4-diskperf-plugin-2.2.0-3.fc11.x86_64
thunar-media-tags-plugin-0.1.2-6.fc11.x86_64
audacious-plugins-freeworld-mp3-1.5.1-2.fc11.x86_64
yum-plugin-protect-packages-1.1.21-2.fc11.noarch
xine-plugin-1.0.2-2.fc11.x86_64
thunar-archive-plugin-0.2.4-6.fc11.x86_64
xfce4-xfapplet-plugin-0.1.0-8.fc11.x86_64
xfce4-mpc-plugin-0.3.3-3.fc11.x86_64
audacious-plugins-freeworld-aac-1.5.1-2.fc11.x86_64
xfce4-dict-plugin-0.5.2-3.fc11.x86_64
xfce4-cpugraph-plugin-0.4.0-5.fc11.x86_64
xfce4-weather-plugin-0.6.2-5.fc11.x86_64
plymouth-plugin-label-0.7.0-0.2009.03.10.2.fc11.x86_64
yum-plugin-protectbase-1.1.21-2.fc11.noarch
plymouth-plugin-fade-in-0.7.0-0.2009.03.10.2.fc11.x86_64
xfce4-notes-plugin-1.6.4-1.fc11.x86_64
alsa-plugins-pulseaudio-1.0.18-3.fc11.i586
vamp-plugin-sdk-2.0-5.fc11.x86_64
swfdec-mozilla-0.9.2-2.fc11.x86_64
plymouth-plugin-solar-0.7.0-0.2009.03.10.2.fc11.x86_64
mozilla-filesystem-1.9-4.fc11.x86_64
xfce4-fsguard-plugin-0.4.2-3.fc11.x86_64
audacious-plugins-freeworld-tta-1.5.1-2.fc11.x86_64
nspluginwrapper-1.3.0-5.fc11.x86_64
maven2-plugin-release-2.0.4-11.19.fc11.x86_64
gstreamer-plugins-farsight-0.12.10-2.fc11.x86_64
xfce4-xkb-plugin-0.5.2-3.fc11.x86_64
mythplugins-0.22-0.2.svn.r20293.fc11.x86_64
xfce4-sensors-plugin-0.10.99.6-4.fc11.x86_64
trac-mercurial-plugin-0.11.0.7-2.20090205svn7817.fc11.noarch
allegro-jack-plugin-4.2.2-12.fc11.x86_64
gnash-plugin-0.8.5-3.fc11.x86_64
firefox-3.1-0.11.beta3.fc11.x86_64
nagios-plugins-game-1.4.13-14.fc11.x86_64
plymouth-plugin-spinfinity-0.7.0-0.2009.03.10.2.fc11.x86_64
allegro-esound-plugin-4.2.2-12.fc11.x86_64
mozilla-vlc-1.0.0-0.1pre1.fc11.x86_64
xulrunner-devel-1.9.1-0.11.beta3.fc11.x86_64
audacious-plugins-freeworld-mms-1.5.1-2.fc11.x86_64
gstreamer-plugins-good-0.10.14-2.fc11.x86_64
yum-plugin-priorities-1.1.21-2.fc11.noarch
crossfire-plugins-1.11.0-3.fc11.x86_64
xfce4-clipman-plugin-0.9.1-1.fc11.x86_64
xfce4-systemload-plugin-0.4.2-6.fc11.x86_64
yum-plugin-versionlock-1.1.21-2.fc11.noarch
PackageKit-yum-plugin-0.4.6-2.fc11.x86_64
xfce4-mailwatch-plugin-1.1.0-3.fc11.x86_64
xfce4-wavelan-plugin-0.5.4-6.fc11.x86_64
maven-shared-plugin-testing-harness-1.0-5.7.fc11.x86_64
xfce4-datetime-plugin-0.6.1-3.fc11.x86_64
xfce4-places-plugin-1.1.0-5.fc11.x86_64
xulrunner-1.9.1-0.11.beta3.fc11.x86_64
xfce4-battery-plugin-0.5.1-2.fc11.x86_64
gstreamer-plugins-flumpegdemux-0.10.15-6.fc11.x86_64
yum-plugin-allowdowngrade-1.1.21-2.fc11.noarch
audacious-plugins-freeworld-wma-1.5.1-2.fc11.x86_64
gedit-plugins-2.22.3-4.fc11.x86_64
plymouth-system-plugin-0.7.0-0.2009.03.10.2.fc11.x86_64
anaconda-yum-plugins-1.0-4.fc11.noarch
alsa-plugins-pulseaudio-1.0.18-3.fc11.x86_64
allegro-arts-plugin-4.2.2-12.fc11.x86_64
yum-plugin-merge-conf-1.1.21-2.fc11.noarch
java-1.6.0-openjdk-plugin-1.6.0.0-19.b14.fc11.x86_64
audacious-plugins-freeworld-1.5.1-2.fc11.x86_64
thunar-shares-plugin-0.2.0-1.fc11.x86_64
yum-plugin-remove-with-leaves-1.1.21-2.fc11.noarch
xulrunner-python-1.9.1-0.11.beta3.fc11.x86_64
xfce4-verve-plugin-0.3.6-3.fc11.x86_64
xfce4-mount-plugin-0.5.5-3.fc11.x86_64
kipi-plugins-0.2.0-2.fc11.x86_64
xfce4-screenshooter-plugin-1.5.1-1.fc11.x86_64
yum-plugin-keys-1.1.21-2.fc11.noarch
xfce4-genmon-plugin-3.2-3.fc11.x86_64
yum-plugin-upgrade-helper-1.1.21-2.fc11.noarch
trac-git-plugin-0.0.1-8.20070705svn1536.fc11.noarch
gstreamer-plugins-base-0.10.22-2.fc11.x86_64
setroubleshoot-plugins-2.0.15-1.fc11.noarch
yum-plugin-verify-1.1.21-2.fc11.noarch
xfce4-quicklauncher-plugin-1.9.4-4.fc11.x86_64
konq-plugins-4.2.2-1.fc11.x86_64
audacious-plugins-1.5.1-3.fc11.x86_64
qmmp-plugins-freeworld-0.2.3-3.fc11.x86_64
audacious-plugins-freeworld-alac-1.5.1-2.fc11.x86_64
xfce4-netload-plugin-0.4.0-9.fc11.x86_64
nagios-plugins-1.4.13-14.fc11.x86_64
gstreamer-plugins-bad-extras-0.10.11-3.fc11.x86_64
gstreamer-plugins-good-devel-0.10.14-2.fc11.x86_64

[root@cerberus bruno]# mozilla-plugin-config -l
EXCLUDE_WRAP: libtotem* libjavaplugin* gecko-mediaplayer* mplayerplug-in* librhythmbox*
EXCLUDE_LINK:
File/Link /usr/lib/mozilla/plugins-wrapped/libnpg.so
File/Link /usr/lib/mozilla/plugins-wrapped/libpbr.so
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libswfdecmozilla.so
  Original plugin: /usr/lib64/mozilla/plugins/libswfdecmozilla.so
  Wrapper version string: X (1.3.0)
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-gmp-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-cone-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/xine-logo.ogg
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-rm.so
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-wmp.so
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-qt.so
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-dvx.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libjavaplugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-narrowspace-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-mully-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/librhythmbox-itms-detection-plugin.so
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.xineplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/xineplugin.so
  Wrapper version string: X (1.3.0)
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libvlcplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/libvlcplugin.so
  Wrapper version string: X (1.3.0)
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libgnashplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/libgnashplugin.so
  Wrapper version string: X (1.3.0)
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer.so
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libswfdecmozilla.so
  Original plugin: /usr/lib64/mozilla/plugins/libswfdecmozilla.so
  Wrapper version string: X (1.3.0)
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-gmp-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-cone-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/xine-logo.ogg
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-rm.so
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-wmp.so
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-qt.so
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer-dvx.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libjavaplugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-narrowspace-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-mully-plugin.so
File/Link /usr/lib64/mozilla/plugins-wrapped/librhythmbox-itms-detection-plugin.so
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.xineplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/xineplugin.so
  Wrapper version string: X (1.3.0)
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libvlcplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/libvlcplugin.so
  Wrapper version string: X (1.3.0)
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libgnashplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/libgnashplugin.so
  Wrapper version string: X (1.3.0)
File/Link /usr/lib64/mozilla/plugins-wrapped/gecko-mediaplayer.so

(In reply to comment #2)
> I am not sure what you mean by "use" nspluginwrapper? I don't believe I have
> disabled it. However my intention is not to run any plugins with firefox. If it
> isn't an image, text, html, xml, xhtml or css I want it to offer a download,
> not try to run an app to process the object. So in that sense I shouldn't be
> using it.

OK, that makes sense (kind of). I will investigate this further, but for now, I think the best workaround I can suggest to you is to switch off all plugins in NoScript (being paranoid as you seem to be you have Noscript installed, right?; no offense meant, of course).

Matej

This link might be of interest http://forums.mozillazine.org/viewtopic.php?p=2625151

No, I tried noscript and didn't like it. I now am just turning it on and off manually, as there are only a few places I need it on for. What I did in the short run is uninstall the flash players. I didn't really use them, but I don't think I should have to uninstall stuff to disable it. It was more of a concern to me that netscape could change this stuff, as it is changing things in a global place that should require root access to change.
In particular these were executable code. It may be that there are some safeguards, but it's hard to tell without knowing how the change is being made. In the long run I'll probably switch browsers. What I like about it is the proportional fonts that make reading easier than say something like lynx. But the crappy security handling of plugins and certificates is motivating me to look at other open source browsers; I just have other stuff to do right now.

You can disable plug-ins in Firefox menu. Tools -> Add-ons -> Plugins tab -> Disable. Or remove unused plugins from /usr/lib64/mozilla/plugins.

The bug is about Firefox reenabling plugins when it is run, without asking and especially badly, being run without root access. (Though there may be some policykit or console kit permission that facilitates this.) So having a way to disable plugins in firefox doesn't really solve the issue.

It's not a bug, it's a feature and I worked hard to get this mechanism to perform smoothly. mozilla-plugin-config is a SUID application so it doesn't need to be run by root. Anyway, if you believe the mechanism is wrong, please submit your solution how it should work.

Well it's a security issue since you are allowing an ordinary user to control which code might be run by other users. I think it's low risk, but they shouldn't be able to just do this. Is there a policykit or consolekit control over whether someone can do this? The other thing that is odd is that it just gets run. If someone disabled some plugins (using the same tool even) why would you want them automatically reenabled? Also note that removing plugins from /usr/lib64/mozilla/plugins isn't the best solution as stuff there is typically managed by rpm. I shouldn't have to uninstall something (in normal cases) to keep it from being used. I might have some other program besides firefox that I want to use it with.

This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

This message is a reminder that Fedora 11 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 11. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 11 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
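
One way to detect the behaviour reported in this bug, added here as an example that is not part of the original thread or of nspluginwrapper: the shell functions below parse a `mozilla-plugin-config -l` listing and report plugins that are active despite a local policy that wants them off. The function names, the space-separated policy format and the shortened sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report plugins that are active although local policy wants them off.
# Parses the `mozilla-plugin-config -l` listing format quoted in this report.

# Constructed sample, shortened from the listing in the report.
sample_listing() {
cat <<'EOF'
EXCLUDE_WRAP: libtotem* libjavaplugin* gecko-mediaplayer* mplayerplug-in* librhythmbox*
EXCLUDE_LINK:
File/Link /usr/lib64/mozilla/plugins-wrapped/libtotem-gmp-plugin.so
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libgnashplugin.so
  Original plugin: /usr/lib64/mozilla/plugins/libgnashplugin.so
  Wrapper version string: X (1.3.0)
File/Link /usr/lib64/mozilla/plugins-wrapped/libjavaplugin.so
/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libswfdecmozilla.so
  Original plugin: /usr/lib64/mozilla/plugins/libswfdecmozilla.so
  Wrapper version string: X (1.3.0)
EOF
}

# Basename of every plugin the listing shows as active: linked ones come
# from "File/Link" lines, wrapped ones from "Original plugin:" lines.
active_plugins() {
    awk '$1 == "File/Link"                   { print $2 }
         $1 == "Original" && $2 == "plugin:" { print $3 }' |
    sed 's|.*/||' | sort -u
}

# Active plugins whose basename matches a glob in $1 (hypothetical local
# policy: a space-separated list of shell patterns).
reenabled_plugins() {
    active_plugins | (
        set -f    # keep the policy globs from expanding against the cwd
        while IFS= read -r name; do
            for pat in $1; do
                case $name in $pat) echo "$name"; break ;; esac
            done
        done
    )
}

# True when the helper carries the set-user-ID bit, the property the
# thread identifies as letting a non-root run change the plugin set.
helper_is_setuid() { [ -u "$1" ]; }

# Live use: mozilla-plugin-config -l | reenabled_plugins 'libgnash* libswfdec*'
```

Run from a login script or a periodic job, a non-empty result from `reenabled_plugins` means a plugin the policy excludes is present in the wrapped plugin set again.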