The behavior of scanning the system for all sorts of plugins and
enabling them by default needs to stop. Not only is the default
behavior to enable external plugins by default without prompting the
user, but there is no convenient way to disable them from the UI.
I've been setting the "plugin.scan.[product]" preference strings to
ridiculously high values; e.g.,
user_pref("plugin.scan.WindowsMediaPlayer", "99") as a hack, but there
should be a documented and supported method to ensure consistent control
over plugin behavior. At the very least, there should be well defined
global (for administrators) and per-user preferences to control plugins;
whether exposed in the UI or not is a different matter.
The current plugin behavior is of an "IE like" mentality, something one
would neither expect nor desire from Mozilla. Since I generally dislike
it when people whine about open source projects without doing anything
to contribute, perhaps there is something I can do to improve this
situation. I've compiled Mozilla and FF on Windows from the source many
times in the past, and the size of the code base is quite daunting. Can
someone recommend a good resource (a book would be nice) that details
the procedure of writing extensions? My current level of understanding
concerning the whole XUL deal is rather limited, so I will need to
attack that first. If someone would tell me the appropriate part (or at
least the top level) of the source tree to begin snooping, that would
help as well.
Dave
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
