<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 10/19/10 9:23 PM, JoeS wrote:
<blockquote cite="mid:4CBE6EB5.9030207@bellatlantic.net" type="cite">
Come on guys<br>
<br>
<a moz-do-not-send="true"
href="https://bugzilla.mozilla.org/show_bug.cgi?id=599119">599119</a>
had absolutely nothing to do with a "new" security vulnerability.<br>
And yet the relnote:<br>
<blockquote type="cite">Plugins will no longer show in add-on
manager as they have now been globally disabled due to
performance issues. Mozilla Messaging does not recommend
enabling plugins due to possible security issues.</blockquote>
Certainly would lead one to come to that conclusion.<br>
</blockquote>
<br>
I agree that if one reads it quickly, one could indeed jump to the
conclusion you describe. That said, both of those sentences are
true. I don't have a strong feeling about whether that's worth
changing.<br>
<br>
<blockquote cite="mid:4CBE6EB5.9030207@bellatlantic.net" type="cite">
Viewing an embedded YouTube in an email or a newsgroup post can't
possibly be any different from viewing one in Firefox.<br>
It's the same plugin in either case.<br>
</blockquote>
<br>
While they are the same plugin, they are executing in different
security contexts. In particular, Flash embeds an ActionScript
interpreter in it, so there are similar store-and-forward
consequences to having JavaScript turned on in email. <br>
<br>
<blockquote cite="mid:4CBE6EB5.9030207@bellatlantic.net" type="cite">As
some of you might know, I believe the future of TB is making email
more web-like, and discouraging plugin usage certainly doesn't
help.<br>
</blockquote>
<br>
I agree with the long-term goal here. My belief is that
technologies that are specifically of and for the web (eg
&lt;video&gt; and &lt;audio&gt;) are more appropriate vectors for
pursuing that goal.<br>
<br>
<blockquote cite="mid:4CBE6EB5.9030207@bellatlantic.net" type="cite">
Please at least add a bug reference to the relnote.<br>
We already have a bug report on the issue <a
moz-do-not-send="true"
href="https://bugzilla.mozilla.org/show_bug.cgi?id=605563">605563.</a><br>
</blockquote>
<br>
That's Mark's call to make. I know, however, that he's pretty
swamped <br>
<br>
Dan<br>
<br>
</body>
</html>