Dave A. wrote:
The behavior of scanning the system for all sorts of plugins and
enabling them by default needs to stop. Not only is the default
behavior to enable external plugins by default without prompting the
user, but there is no convenient way to disable them from the UI.
I've been setting the "plugin.scan.[product]" preference strings to
ridiculously high values; e.g.,
user_pref("plugin.scan.WindowsMediaPlayer", "99") as a hack, but there
should be a documented and supported method to ensure consistent control
over plugin behavior. At the very least, there should be well defined
global (for administrators) and per-user preferences to control plugins;
whether exposed in the UI or not is a different matter.
The current plugin behavior is of an "IE like" mentality, something one
would neither expect nor desire from Mozilla. Since I generally dislike
it when people whine about open source projects without doing anything
to contribute, perhaps there is something I can do to improve this
situation. I've compiled Mozilla and FF on Windows from the source many
times in the past, and the size of the code base is quite daunting. Can
someone recommend a good resource (a book would be nice) that details
the procedure of writing extensions? My current level of understanding
concerning the whole XUL deal is rather limited, so I will need to
attack that first. If someone would tell me the appropriate part (or at
least the top level) of the source tree to begin snooping, that would
help as well.
Dave
the simple way, which works for me, just go to the plugins directory for
the browser and delete them all.
also, make sure that plugins and software installation and helper apps
are all completely cleared out or turned off.
then you don't have to worry about them again.
( I regularly clean out the helper apps, as os filetype associations are
getting called, need to rip that garbage from the sources before next
build to make life simpler. )
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
