[tor-bugs] #3547 [Tor Browser]: Disable all plugins but flash

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Aug 23 19:35:54 UTC 2011

#3547: Disable all plugins but flash
 Reporter:  mikeperry    |          Owner:  mikeperry                    
     Type:  defect       |         Status:  new                          
 Priority:  major        |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Browser  |        Version:                               
 Keywords:               |         Parent:  #2871                        
   Points:  8            |   Actualpoints:                               

Comment(by mikeperry):

 In terms of creating a diff with the minimum possibility for conflicts,
 the place to hack is  nsPluginFile::GetPluginInfo(). This function is the
 function that assembles info about the plugin *and* loads it.

 In a sane world, we could safely refactor this function into two pieces:
 one that gets all the basic info before actually loading the library into
 the process space, and one that loads the plugin to get the rest of the
 info. We could then call the blocklist service in between these two calls.

 However, this is likely to hit conflicts in future Firefox versions unless
 it is merged immediately.

 The dirty hack then is create a function that we call from
 nsPluginFile::GetPluginInfo(). This function would then just do something
 dumb, like strstr each fName and/or fDescription for something that looks
 like flash or gnash. If it finds that substring in those fields, it can
 return ok.

 Otherwise, we can just make nsPluginFile::GetPluginInfo() return
 NS_ERROR_FAILURE and the plugin will not load.

 The simplicity of this dirty hack appeals to me. I think we should do it.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3547#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list