The behavior of scanning the system for all sorts of plugins and enabling them by default needs to stop. Not only is the default behavior to enable external plugins by default without prompting the user, but there is no convenient way to disable them from the UI.
I've been setting the "plugin.scan.[product]" preference strings to ridiculously high values; e.g., user_pref("plugin.scan.WindowsMediaPlayer", "99") as a hack, but there should be a documented and supported method to ensure consistent control over plugin behavior. At the very least, there should be well defined global (for administrators) and per-user preferences to control plugins; whether exposed in the UI or not is a different matter. The current plugin behavior is of an "IE like" mentality, something one would neither expect nor desire from Mozilla. Since I generally dislike it when people whine about open source projects without doing anything to contribute, perhaps there is something I can do to improve this situation. I've compiled Mozilla and FF on Windows from the source many times in the past, and the size of the code base is quite daunting. Can someone recommend a good resource (a book would be nice) that details the procedure of writing extensions? My current level of understanding concerning the whole XUL deal is rather limited, so I will need to attack that first. If someone would tell me the appropriate part (or at least the top level) of the source tree to begin snooping, that would help as well. Dave _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security