Search found 931 matches
- Wed Oct 21, 2015 4:44 am
- Forum: NoScript Development
- Topic: top level built-in pdf.js viewer isn't blocked
- Replies: 18
- Views: 7010
Re: top level built-in pdf.js viewer isn't blocked
Evidently I am still not making myself clear. You've made yourself crystal clear, let's see if I can summarize. The latest pdfs.js vulnerability, https://www.mozilla.org/en-US/security/ ... sa2015-78/ http://www.welivesecurity.com/2015/08/1 ... ay-attack/ is only tangentially and superficially rela...
- Tue Oct 20, 2015 5:14 am
- Forum: NoScript Development
- Topic: top level built-in pdf.js viewer isn't blocked
- Replies: 18
- Views: 7010
Re: top level built-in pdf.js viewer isn't blocked
pdf.js is not an extension, it is built in. However since plugins are on their way out, it would be reasonable for mozilla to enable a class of plugin-like extensions for rendering arbitrary mime types. Maybe this already exists, don't know. If/when it does, then noscript's embedding blocking functi...
- Mon Oct 19, 2015 11:31 pm
- Forum: NoScript Development
- Topic: top level built-in pdf.js viewer isn't blocked
- Replies: 18
- Views: 7010
Re: top level built-in pdf.js viewer isn't blocked
Calling it a vector does not change the fact that simply loading a pdf compromised firefox in a way that a scriptless hml page could not. That is proof enough that pdf.js should still be treated more like a plugin rather than just web content, and therefore be blockable.
- Mon Oct 19, 2015 4:57 am
- Forum: NoScript Development
- Topic: top level built-in pdf.js viewer isn't blocked
- Replies: 18
- Views: 7010
top level built-in pdf.js viewer isn't blocked
pdf.js has been exploited, so should be blockable
- Sun Sep 06, 2015 9:38 pm
- Forum: NoScript Development
- Topic: youtube embed double activation (iframe, flash) problem
- Replies: 11
- Views: 6315
Re: youtube embed double activation (iframe, flash) problem
Investigating, thank you. are you able to repro? I did manage to reproduce, but its causes are very difficult to isolate. Are you going to stay with 31.x for long? This problem is present in fx 38.2.1esr and 40.0.3 with NS 2.6.9.37rc1 directions here In 38.2.1 the player is flash and it never loads...
- Thu Aug 27, 2015 12:16 am
- Forum: Web Tech
- Topic: The Future of Developing Firefox Add-ons
- Replies: 32
- Views: 21428
Re: The Future of Developing Firefox Add-ons
http://forums.mozillazine.org/viewtopic ... #p14302067Giorgio Maone wrote: Where is this discussion happening? Could you please post some links for me to partecipate?
- Wed Aug 26, 2015 4:49 pm
- Forum: Web Tech
- Topic: The Future of Developing Firefox Add-ons
- Replies: 32
- Views: 21428
Re: The Future of Developing Firefox Add-ons
Classic Theme Restorer is probably the best canary in the coal mine for these changes, because it radically unfucks tweaks post australis ui, through xul, css and javascript hacks that mozilla is not likely to acknowledge as needed (that would mean admitting they've been making things worse for year...
- Sun Feb 22, 2015 4:34 am
- Forum: NoScript Development
- Topic: youtube embed double activation (iframe, flash) problem
- Replies: 11
- Views: 6315
Re: youtube embed double activation (iframe, flash) problem
are you able to repro?Giorgio Maone wrote:Investigating, thank you.
- Sat Feb 07, 2015 2:54 pm
- Forum: NoScript Development
- Topic: youtube embed double activation (iframe, flash) problem
- Replies: 11
- Views: 6315
Re: youtube embed double activation (iframe, flash) problem
Please check latest development build 2.6.9.6rc3, thanks. This has regressed for the 31 ESR. Fx 31.4.0 ESR, NS 2.6.9.12, Flash 16.0.0.305, new profile forbid iframe, apply to trusted open allow samsung.com activate one of the videos (first the iframe, then the flash embed), flash never loads
- Sat Nov 29, 2014 10:01 pm
- Forum: NoScript Development
- Topic: youtube embed double activation (iframe, flash) problem
- Replies: 11
- Views: 6315
Re: youtube embed double activation (iframe, flash) problem
I'm getting a "double" frame (placeholder). First click gets you youtube.com, then a second click gets you ytimg.com, after which the clip loads & plays. (I'm running from a less then clean Profile, but I'm not seeing anything odd.) > 3. allow samsung.com Not necessarily needed (for t...
- Sat Nov 29, 2014 7:10 pm
- Forum: FlashGot Development
- Topic: downloaded dash streams should not be given m4a extensions
- Replies: 5
- Views: 5342
Re: downloaded dash streams should not be given mp4 extensio
it turns out it's a little more complicated, mp4 has many subtypes (ftyp)
the expected ftyp of an m4a file is M4A$20, but dash aufio streams are ftyp dash, so at least the m4a extension is wrong.
the expected ftyp of an m4a file is M4A$20, but dash aufio streams are ftyp dash, so at least the m4a extension is wrong.
- Sat Nov 29, 2014 6:13 pm
- Forum: NoScript Development
- Topic: youtube embed double activation (iframe, flash) problem
- Replies: 11
- Views: 6315
youtube embed double activation (iframe, flash) problem
Fx 33.1.1, NS 2.6.9.6rc1, new profile
- forbid iframe, apply to trusted
- open
- allow samsung.com
- activate one of the videos (first the iframe, then the flash embed), it won't play
- Fri Nov 28, 2014 4:20 pm
- Forum: FlashGot Development
- Topic: downloaded dash streams should not be given m4a extensions
- Replies: 5
- Views: 5342
downloaded dash streams should not be given m4a extensions
- Mon Jun 30, 2014 1:37 pm
- Forum: NoScript Development
- Topic: 2.6.8.29 tab opening bookmarklet regression
- Replies: 9
- Views: 3906
Re: 2.6.8.29 tab opening bookmarklet regression
Do you know why the window methods are no longer on the prototype?Giorgio Maone wrote:Fixed in latest development build 2.6.8.30rc5, thank you.
Code: Select all
if (!w || w.open && w.open._bypass)
return null;
- Sat Jun 28, 2014 6:51 pm
- Forum: NoScript Development
- Topic: 2.6.8.29 tab opening bookmarklet regression
- Replies: 9
- Views: 3906
Re: 2.6.8.29 tab opening bookmarklet regression
so window methods are no longer in the prototype but in the instance, why did they do that?
fix
fix
Code: Select all
(function patchAll(w) {
if (!w || w.open._bypass) return w;