Changes

Blocklisting

3,241 bytes added, 18:58, 29 April 2011
Updating Blocklist policy after mozilla.governance discussion
Blocklisting is the ability to disable errant add-ons, plugins, and other third-party software for all Firefox users. For graphics drivers, please see [https://wiki.mozilla.org/User:JoeDrew/GFXBlocklistDraft this policy].
= Blocklisting Policy =
No matter how secure, fast, or stable Firefox is, one encounter with bad third-party software can cause permanent damage to Firefox, your computer, or worse. That's why Mozilla considers it our responsibility to help users avoid those encounters.

One tool we use to do that is blocking dangerous third-party add-ons, plugins, and DLLs from running in Firefox.

== A High Bar ==
Blocking third-party software is a sensitive issue that must be carefully considered in every case. We must be certain that the issue at hand is so great that it outweighs the user's choice to install the software, the utility it provides, and the vendor's freedom to distribute and control their software.

== Block Conditions ==
Acceptable reasons for blocking software include:
* Critical security vulnerabilities
* High crash volume (e.g. 10,000 or more in a week)
* Malicious in nature
* Severe performance impact (e.g. adds more than 75% to start-up time)
* Severe bugs that unintentionally affect core Firefox features

{{note|The above conditions assume users have chosen to install the add-on or software in question. If the software is installed without user consent, the bar is significantly lower to blocking for the above and other reasons.}}

The following are '''not''' reasons to block an add-on:
* Inclusion of advertisements or other "spyware" tactics, unless users did not choose to install the software or were not made aware of the offending functionality
* Intentional significant changes to or breakage of core Firefox features, unless users did not choose to install the software or were not made aware of the offending functionality
* At request of the vendor/developer, except in extreme circumstances

== Block Severity ==
There are two levels of blocking available to add-ons and plugins: soft and hard.

Soft-blocks disable the add-on by default, but allow the user to override and continue to use the add-on. This is the preferred option in almost all cases.

Hard-blocks disable the add-on and do not allow the user to enable it or override the block. This should only be used in cases where:
* an add-on is malicious
* a soft-block will not resolve the issue in question, such as a start-up crash

== Vendor Outreach and Block Ranges ==
Software should not be blocklisted without a reasonable attempt to contact the vendor/developer beforehand to alert them of the block and request a fixed version. If a fixed version will be provided in an adequate timeframe (0-3 calendar days), the block should be held so that users can update to the fixed version.

Block ranges should be as specific as possible to only target the offending versions in the affected application versions.
= How to request a block =
# Read the policy above and be sure your request meets the criteria
# File a bug using the appropriate request form and filling in all requested details:
#* [https://bugzilla.mozilla.org/enter_bug.cgi?comment=Extension%20name%3A%20%0D%0AExtension%20UUID%3A%20%0D%0AExtension%20versions%20to%20block%3A%20%0D%0AApplications%2C%20versions%2C%20and%20platforms%20affected%20affected%3A%20%0D%0ABlock%20severity%3A%20%28hard%2Fsoft%29%0D%0A%0D%0AHomepage%2C%20AMO%20listing%2C%20other%20references%20and%20contact%20info%3A%20%0D%0A%0D%0AReasons%3A&component=Blocklisting&op_sys=All&product=addons.mozilla.org&rep_platform=All&short_desc=Extension%20block%20request%3A%20%3CUUID%3E&status_whiteboard=%5Bextension%5D&version=unspecified Extension Block Request]
#* [https://bugzilla.mozilla.org/enter_bug.cgi?comment=Plugin%20name%3A%20%0D%0APlugin%20versions%20to%20block%3A%20%0D%0AApplications%2C%20versions%2C%20and%20platforms%20affected%3A%20%0D%0ABlock%20severity%3A%20%28hard%2Fsoft%29%0D%0A%0D%0AHow%20does%20this%20plugin%20appear%20in%20about%3Aplugins%3F%0D%0A%20%20%20%20File%3A%20%0D%0A%20%20%20%20Version%3A%20%0D%0A%20%20%20%20Description%3A%20%0D%0A%0D%0AHomepage%20and%20other%20references%20and%20contact%20info%3A%20%0D%0A%0D%0AReasons%3A&component=Blocklisting&op_sys=All&product=addons.mozilla.org&rep_platform=All&short_desc=Plugin%20block%20request%3A%20%3Cplugin%20name%3E&status_whiteboard=%5Bplugin%5D&version=unspecified Plugin Block Request]
#* [https://bugzilla.mozilla.org/enter_bug.cgi?comment=DLL%20name%3A%20%0D%0ADLL%20versions%20to%20block%3A%20%0D%0AApplications%2C%20versions%2C%20and%20platforms%20affected%3A%20%0D%0A%0D%0AHomepage%20and%20other%20references%20and%20contact%20info%3A%20%0D%0A%0D%0AReasons%3A&component=Blocklisting&op_sys=All&product=addons.mozilla.org&rep_platform=All&short_desc=DLL%20block%20request%3A%20%3CDLL%20name%3E&status_whiteboard=%5Bdll%5D&version=unspecified DLL Block Request]
# The request will follow the process outlined below until resolved.

If there is an existing bug to be morphed into a blocklist request, make sure the required information (indicated in the request template) is included in the bug before moving it to addons.mozilla.org :: Blocklisting. Please do not move bugs to Blocklisting until they are ready for blocklist consideration.
= Blocklisting Process =
# A request is filed with detailed information as described above
# The vendor or developer of the item in question will be contacted, directed to the bug, and encouraged to fix the issue.
# The request will be discussed in the bug among the Firefox and add-ons product drivers and other interested parties to agree upon validity of the request, block ranges, and severity
# The agreed-upon block range will be placed on the blocklist staging server for anyone to [[Blocklisting/Testing|help test]]
# Once the tests have finished running without errors, the block will be pushed to production
= What users will see =
[[File:Addonblock.png|600px|thumb|center|Screenshots of add-on block flow|Add-on block flow from a user perspective]]

[[File:Pluginblock.png|600px|thumb|center|Screenshots of plugin block flow|Plugin block from a user perspective]]
= More Information =
* [https://addons.mozilla.org/blocked Currently blocked items]
* [[Extension_Blocklisting:Code_Design |XML definition]]
* [[Blocklisting/Testing|Testing a staged block]] or [[Extension_Blocklisting:Testing|other blocklist testing]]
* Current [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=addons.mozilla.org&component=Blocklisting&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&resolution=---&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= list of open Blocklisting bugs/Open blocklist requests]
* See here for additional [[Extension_Blocklisting|details & information about blocklisting]]
*Firefox 3 blocklisting - plugin-related open bugs {{bug|391731}}