CtP discoverability issues proposal

Richard Bateman richard at batemansr.us
Thu Sep 5 16:50:02 UTC 2013

On Sep 5, 2013, at 10:00 , Benjamin Smedberg <benjamin at smedbergs.us> wrote:

> As I just mentioned to Richard, I'm not sure that in general I *want* hidden plugins to be more discoverable. I think the common case for everything except Flash is that you're being attacked by a compromised ad network and in those cases we don't want to throw this prompt up in the user's face.

Do you have any numbers, any statistics, anything at all to back that assessment up?  I realize that those are the visible ones, and those are the problems… but my experience is very, very different from that.  The vast majority of FireBreath plugins, as I have mentioned, are hidden and are *not* malicious.  How many such individual plugins are there that are malicious? How do they normally get installed?  I can understand a concern about plugins with security vulnerabilities, but I have never even heard of a widespread plugin that was actually an attack.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/firefox-dev/attachments/20130905/911d2e6f/attachment.html>

More information about the firefox-dev mailing list