At this point it seems unlikely that I will have time to fix this for
Firefox 54, so most-likely it will be Firefox 55.
--BDS
On Tue, Feb 14, 2017 at 8:54 PM, 段垚 wrote:
> Seems I failed to convince you to change the plan.
>
> So the last question is: when will this happen?
>
>
>
> 在 2017/2/15 2
Seems I failed to convince you to change the plan.
So the last question is: when will this happen?
在 2017/2/15 2:54, Till Schneidereit 写道:
On Tue, Feb 14, 2017 at 12:00 PM, 段垚 wrote:
在 2017/2/14 18:10, Till Schneidereit 写道:
On Tue, Feb 14, 2017 at 12:14 AM, 段垚 wrote:
I guess all popula
On Tue, Feb 14, 2017 at 12:00 PM, 段垚 wrote:
>
>
> 在 2017/2/14 18:10, Till Schneidereit 写道:
>
>> On Tue, Feb 14, 2017 at 12:14 AM, 段垚 wrote:
>>
>> I guess all popular softwares have exploits being traded. How this fact
>>>
invalidates my argument?
>
> I was responding to your point a
在 2017/2/14 18:10, Till Schneidereit 写道:
On Tue, Feb 14, 2017 at 12:14 AM, 段垚 wrote:
I guess all popular softwares have exploits being traded. How this fact
invalidates my argument?
I was responding to your point about the threat declining because of the
declining usage of Flash. This is
On Tue, Feb 14, 2017 at 12:14 AM, 段垚 wrote:
> I guess all popular softwares have exploits being traded. How this fact
>>> invalidates my argument?
>>>
>> I was responding to your point about the threat declining because of the
>> declining usage of Flash. This is demonstrably not true.
>>
>
> Wh
在 2017/2/14 2:03, Ehsan Akhgari 写道:
On 2017-02-13 11:50 AM, 段垚 wrote:
在 2017/2/14 0:24, Ehsan Akhgari 写道:
On 2017-02-10 7:51 PM, 段垚 wrote:
在 2017/2/11 2:26, t...@ritter.vg 写道:
On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg wrote:
I thought I enumerated the harm at first, b
On 2017-02-13 11:50 AM, 段垚 wrote:
>
>
> 在 2017/2/14 0:24, Ehsan Akhgari 写道:
>> On 2017-02-10 7:51 PM, 段垚 wrote:
>>>
>>> 在 2017/2/11 2:26, t...@ritter.vg 写道:
On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg wrote:
> I thought I enumerated the harm at first, but I'll elaborat
在 2017/2/14 0:24, Ehsan Akhgari 写道:
On 2017-02-10 7:51 PM, 段垚 wrote:
在 2017/2/11 2:26, t...@ritter.vg 写道:
On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg wrote:
I thought I enumerated the harm at first, but I'll elaborate a little.
1) Flash doesn't know about and breaks our
On 2017-02-10 7:51 PM, 段垚 wrote:
>
>
> 在 2017/2/11 2:26, t...@ritter.vg 写道:
>> On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg wrote:
>>> I thought I enumerated the harm at first, but I'll elaborate a little.
>>>
>>> 1) Flash doesn't know about and breaks our "current and subdirect
在 2017/2/11 2:26, t...@ritter.vg 写道:
On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg wrote:
I thought I enumerated the harm at first, but I'll elaborate a little.
1) Flash doesn't know about and breaks our "current and subdirectory only"
file: origin policy.
2) Flash is a high
在 2017/2/10 22:34, Benjamin Smedberg 写道:
On Fri, Feb 10, 2017 at 12:36 AM, 段垚 wrote:
在 2017/2/10 1:28, Benjamin Smedberg 写道:
On Wed, Feb 8, 2017 at 2:26 AM, 段垚 wrote:
Is this just preventing auto-loading (like "click to play") or completely
disable Flash for non-http(s) contents?
This
On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg wrote:
> I thought I enumerated the harm at first, but I'll elaborate a little.
>
> 1) Flash doesn't know about and breaks our "current and subdirectory only"
> file: origin policy.
>
> 2) Flash is a high-risk attack surface: if you c
On Fri, Feb 10, 2017 at 12:36 AM, 段垚 wrote:
>
> 在 2017/2/10 1:28, Benjamin Smedberg 写道:
>
>> On Wed, Feb 8, 2017 at 2:26 AM, 段垚 wrote:
>>
>> Is this just preventing auto-loading (like "click to play") or completely
>>> disable Flash for non-http(s) contents?
>>>
>>> This is completely disabling
I thought I enumerated the harm at first, but I'll elaborate a little.
1) Flash doesn't know about and breaks our "current and subdirectory only"
file: origin policy.
2) Flash is a high-risk attack surface: if you can get somebody to download
a SWF they can probably own your system. We don't have
On 10.02.2017 01:09, Xidorn Quan wrote:
> On Fri, Feb 10, 2017, at 04:29 AM, Benjamin Smedberg wrote:
>> Will this also prevent loading downloaded .swf files into Firefox? This
>> is
>>> useful for running Flash games, which tend to work best in the browser
>>> (some media players also support load
在 2017/2/10 1:28, Benjamin Smedberg 写道:
On Wed, Feb 8, 2017 at 2:26 AM, 段垚 wrote:
Is this just preventing auto-loading (like "click to play") or completely
disable Flash for non-http(s) contents?
This is completely disabling this content.
Can users get back old behavior by flipping a pre
On Fri, Feb 10, 2017, at 04:29 AM, Benjamin Smedberg wrote:
> Will this also prevent loading downloaded .swf files into Firefox? This
> is
> > useful for running Flash games, which tend to work best in the browser
> > (some media players also support loading Flash files, but their hotkeys
> > tend
On Tue, Feb 7, 2017 at 5:19 PM, Chris Peterson
wrote:
> On 2/7/2017 1:15 PM, Benjamin Smedberg wrote:
>
>> I intend to ship a change which will prevent Flash from loading from
>> file:,
>> ftp:, or any other URL scheme other than http: or https:. The purpose of
>> this change is to increase secu
Will this also prevent loading downloaded .swf files into Firefox? This is
> useful for running Flash games, which tend to work best in the browser
> (some media players also support loading Flash files, but their hotkeys
> tend to conflict).
It will prevent them from loading via File > Open, yes
On Wed, Feb 8, 2017 at 2:26 AM, 段垚 wrote:
> Is this just preventing auto-loading (like "click to play") or completely
> disable Flash for non-http(s) contents?
>
This is completely disabling this content.
>
> Can users get back old behavior by flipping a preference?
>
That is not the plan, no
Is this just preventing auto-loading (like "click to play") or
completely disable Flash for non-http(s) contents?
Can users get back old behavior by flipping a preference?
We have developed a Firefox based tool to edit/view local EPub files,
which may contain Flash.
If this feature can't be
On Tuesday, February 7, 2017 at 10:16:27 PM UTC+1, Benjamin Smedberg wrote:
> I intend to ship a change which will prevent Flash from loading from file:,
> ftp:, or any other URL scheme other than http: or https:. The purpose of
> this change is to increase security and limit Flash to well-tested
On 2/7/2017 1:15 PM, Benjamin Smedberg wrote:
I intend to ship a change which will prevent Flash from loading from file:,
ftp:, or any other URL scheme other than http: or https:. The purpose of
this change is to increase security and limit Flash to well-tested
configuraitons.
Do you want to a
23 matches
Mail list logo
