Changes

IE does not allow enumeration via <code>navigator.plugins[]</code>. We could follow suit here Starting in Firefox 28 ([https://bugzilla.mozilla.org/show_bug.cgi?id=757726 bug 757726]), Firefox restricts which plugins are visible to content enumerating <code>navigator.plugins[]</code>. This change does not disable any plugins; it just hides some plugin names from enumeration. Websites can still check whether a particular hidden plugin is installed by directly querying <code>navigator.plugins[]</code> like <code>navigator.plugins["Silverlight Plug-In"]</code>. This code change will reduce browser uniqueness by "cloaking" uncommon plugin names from <code>navigator.plugins[]</code> enumeration. If a website does not use the "Adobe Acrobat NPAPI Plug-in, Version 11.0.02" plugin, why does it need to know that the "Adobe Acrobat NPAPI Plug-in, Version 11.0.02" plugin is installed? If a website does need to know whether the plugin is installed or meets minimum version requirements, it can still check <code>navigator.plugins["Adobe Acrobat NPAPI Plug-in, Version 11.0.02"]</code> or <code>navigator.mimeTypes["application/vnd.fdf"]. A enabledPlugin</code> (to workaround problem plugins that short list could -sightedly include version numbers in their names, thus allow only individual plugin versions to be brutequeried). For example, the following JavaScript reveals my installed plugins: <pre>for (plugin of navigator.plugins) { console.log(plugin.name); } "Shockwave Flash""QuickTime Plug-in 7.7.3""Default Browser Helper""Unity Player""Google Earth Plug-in""Silverlight Plug-forced In""Java Applet Plug-in""Adobe Acrobat NPAPI Plug-in, Version 11.0.02""WacomTabletPlugin" navigator.plugins["Unity Player"].name // get cloaked plugin by simply including several name"Unity Player"</pre> But with plugin cloaking, the same JavaScript will not reveal as much personally-identifying information about my browser because all plugin names except Flash, Shockwave (Director), Java, and QuickTime are hidden from <code>navigator.plugins[]</code> enumeration: <pre>for (pluginof navigator.plugins) { console.log(plugin.name); } "Shockwave Flash""QuickTime Plug-specific objects in a page7.7.3""Java Applet Plug-in"</pre> In theory, all plugin names could be cloaked because web content can query navigator.plugins[] by plugin name. I'm Unfortunately, we could not sure what cloak all plugin names because many popular websites check for Flash or QuickTime by enumerating navigator.plugins[] and comparing plugin names one by one, instead of just asking for navigator.plugins["Shockwave Flash"] by name. These websites should be fixed. The policy of which plugin names are uncloaked can be done changed in the about that:config pref <code>plugins.enumerable_names</code>. The pref’s value is a comma-separated list of plugin name prefixes (so the prefix "QuickTime" will match both "QuickTime Plug-in 6.4" and "QuickTime Plug-in 7.7.3"). The default pref cloaks all plugin names except Flash, Shockwave (Director), Java, and QuickTime. To cloak all plugin names, other than perhaps limiting set the number of pref to the empty string "" (without quotes). To cloak no plugin types a page can display?names, set the pref to magic value "*" (without quotes).