Opt-in activation for plugins/Test Plan: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
 
(17 intermediate revisions by the same user not shown)
Line 29: Line 29:
== Use Cases ==
== Use Cases ==


* Some software installs a plugin the user is not aware of. The first time the plugin is activated by a given page, the user is:
# User has a plugin that is up-to-date:
** given a warning or
#* '''Plugin will run automatically.'''
** plugin is click-to-play until the user actives it
# User has a plugin that mozilla has remotely required to be click to play because the plugin is out of date (implying an update has been released) :
* User has an up-to-date version of Flash or some other common plugin
#* '''Plugin will run automatically.'''
** plugin is click-to-play to reduce resource consumption and risk of zero-day security exploits or
# User has a plugin that mozilla has remotely required to be click to play because the plugin is being widely exploited, no update available
** plugin plays automatically because its popular and considered to be currently safe
#* '''User can run plugin after scary warning'''
* User has a vulnerable plugin with a known security issue, but no update available
# User has a plugin that mozilla has remotely required to be click to play because the plugin is being widely exploited, and an update is available
** User cannot run plugin or
#* '''User is prompted to open plugin-check/update page, but can run plugin after scary warning instead'''
** User can run plugin after scary warning
# User is tired of always clicking to play a given plugin (i.e. outdated flash on YouTube) and for whatever reason cannot or will not update (outdated version of a plugin is required for their job, for example):
* User has a vulnerable plugin with a known security issue, and an update is available
#* '''User can right click on the overlay and check an option to always allow this specific out-of-date version on the specific domain. (UX: How do you right click on tablets and phones?)'''
** User is prompted to update
#* Jruderman has suggested a context menu instead of a click - this is a mitigation against click jacking. Could provide "Now/Always/Never" choices.
** User cannot run plugin
# User chooses to opt in to click to play for all plugins or some subset of their installed plugins
** User can run plugin after scary warning to update first
# Plugins are 'click to play' based on the settings the user chooses in the Add On Manager and any permissions the user has granted to particular domains
* User is tired of always clicking to play a given plugin (i.e. YouTube, or their favorite Java game site)
# User goes to a site that uses a plugin that requires click to play, but it is not visible on the page.
** A user has clicked on this four times in X days, so automatically enable this plugin on this site until user revokes this decision (about:permissions?) and/or remember decision for Y days after last click
#* '''Info bar / door hanger will show up asking if the user wants to enable the plugin, showing user-friendly name of plugin if possible.'''
** Jruderman has suggested a context menu instead of a click - this is a mitigation against click jacking. Could provide "Now/Always/Never" choices.
# A web page has multiple instances of a plugin that requires click to play
#* '''Clicking to play one instance of the plugin will enable that instance and all hidden instances of the same plugin.  Other visible instances of the plugin will not be enabled until explicitly clicked. Plugins of other types are not activated'''


== Test Cases ==
== Test Cases ==
*The test cases for this feature can be viewed [http://bit.ly/IttYo3 here].
*The test cases for this feature can be viewed in Moztrap [https://moztrap.mozilla.org/manage/cases/?filter-suite=56 here].


== Important Bugs ==
== Important Bugs ==
Line 56: Line 57:
* [https://bugzilla.mozilla.org/show_bug.cgi?id=730318 730318] - Opt-in activated plugins should use internal APIs to keep track of plugin activation
* [https://bugzilla.mozilla.org/show_bug.cgi?id=730318 730318] - Opt-in activated plugins should use internal APIs to keep track of plugin activation
* [https://bugzilla.mozilla.org/show_bug.cgi?id=711618 711618] - implement basic click to play permission model
* [https://bugzilla.mozilla.org/show_bug.cgi?id=711618 711618] - implement basic click to play permission model
* [https://bugzilla.mozilla.org/show_bug.cgi?id=549697 549697] - Add click-to-start form of disabled plugins
* [https://bugzilla.mozilla.org/show_bug.cgi?id=742753 742753] - Click to Play should permit each element
* [https://bugzilla.mozilla.org/show_bug.cgi?id=746374 746374] - click-to-play: differentiate by plugin type
* [https://bugzilla.mozilla.org/show_bug.cgi?id=754472 754472] - click-to-play: implement multiple plugin doorhanger ui
* [https://bugzilla.mozilla.org/show_bug.cgi?id=760625 760625] - use the blocklist to inform click-to-play plugins
* [https://bugzilla.mozilla.org/show_bug.cgi?id=752228 752228] - No showing click-to-play doorhanger icon on some pages


==Plugins to blocklist with Click-to-Play==
* Mozilla can remotely configure the user's browser to require click to play for specific plugins that are out-of-date and/or vulnerable.
* [https://bsmedberg.etherpad.mozilla.org/ff15-ctp-blocklist-proposal Click-to-Play Blocklist Proposal]
* [https://wiki.mozilla.org/QA/Plugins/CTP_Blocklist Click-to-Play Blocklist Test Plan]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=760625 bug 760625] - use the blocklist to inform click-to-play plugins
* [https://bugzilla.mozilla.org/show_bug.cgi?id=754472 bug 754472] - click-to-play: implement multiple plugin doorhanger ui
* [https://bugzilla.mozilla.org/show_bug.cgi?id=793338 bug 793338] - click-to-play: implement multiple plugin doorhanger ui (vulnerability status bits)
* [https://bugzilla.mozilla.org/show_bug.cgi?id=772897 bug 772897] - Implement UI for plugins made click-to-play by the blocklist
* [https://bugzilla.mozilla.org/show_bug.cgi?id=793273 bug 793273] - FF16 CTP blocklist should never be triggered
* Anything before including FF 16 will see an infobar as an out of date (but not blocked) plugin
* Anything after FF 16 will have CTP blocklist enabled, out-of-date/vulnerable plugins will be blocked, in about:addons should be some indication of their vulnerable status


== Not Tested ==
== Not Tested ==

Latest revision as of 13:01, 7 October 2013

Opt-in activation for plugins

Feature Status Lead engineer QA Lead Status
Opt-in activation for plugins Development in progress Jared Wein Paul Silaghi OK

Summary

  • Meant to help with multiple scenarios:
    • Performance: Plugins consume significant resources, both individually (i.e. Java starting because a given page requested it), and in aggregate (i.e. Flash consuming 30% of the CPU because of many ads and movies)
    • Security: Plugins are the most common source of user compromise, so not running them by default provides a defense against drive-by attacks, while still enabling them to run on sites where the user desires(YouTube, intranet, whatever).
    • Accidental/malicious install: Plugins can be installed without user interaction or consent, causing potential security and stability issues
    • Chrome has implemented something similar: http://blog.chromium.org/2011/03/mini-newsletter-from-your-google-chrome.html

References

Use Cases

  1. User has a plugin that is up-to-date:
    • Plugin will run automatically.
  2. User has a plugin that mozilla has remotely required to be click to play because the plugin is out of date (implying an update has been released) :
    • Plugin will run automatically.
  3. User has a plugin that mozilla has remotely required to be click to play because the plugin is being widely exploited, no update available
    • User can run plugin after scary warning
  4. User has a plugin that mozilla has remotely required to be click to play because the plugin is being widely exploited, and an update is available
    • User is prompted to open plugin-check/update page, but can run plugin after scary warning instead
  5. User is tired of always clicking to play a given plugin (i.e. outdated flash on YouTube) and for whatever reason cannot or will not update (outdated version of a plugin is required for their job, for example):
    • User can right click on the overlay and check an option to always allow this specific out-of-date version on the specific domain. (UX: How do you right click on tablets and phones?)
    • Jruderman has suggested a context menu instead of a click - this is a mitigation against click jacking. Could provide "Now/Always/Never" choices.
  6. User chooses to opt in to click to play for all plugins or some subset of their installed plugins
  7. Plugins are 'click to play' based on the settings the user chooses in the Add On Manager and any permissions the user has granted to particular domains
  8. User goes to a site that uses a plugin that requires click to play, but it is not visible on the page.
    • Info bar / door hanger will show up asking if the user wants to enable the plugin, showing user-friendly name of plugin if possible.
  9. A web page has multiple instances of a plugin that requires click to play
    • Clicking to play one instance of the plugin will enable that instance and all hidden instances of the same plugin. Other visible instances of the plugin will not be enabled until explicitly clicked. Plugins of other types are not activated

Test Cases

  • The test cases for this feature can be viewed in Moztrap here.

Important Bugs

  • 738698 - [meta] Users should have the ability to activate plugins on demand
  • 711552 - Create click to play UI for desktop
  • 737508 - Add the ability to remember plugin-activation settings
  • 730318 - Opt-in activated plugins should use internal APIs to keep track of plugin activation
  • 711618 - implement basic click to play permission model
  • 549697 - Add click-to-start form of disabled plugins
  • 742753 - Click to Play should permit each element
  • 746374 - click-to-play: differentiate by plugin type
  • 754472 - click-to-play: implement multiple plugin doorhanger ui
  • 760625 - use the blocklist to inform click-to-play plugins
  • 752228 - No showing click-to-play doorhanger icon on some pages

Plugins to blocklist with Click-to-Play

  • Mozilla can remotely configure the user's browser to require click to play for specific plugins that are out-of-date and/or vulnerable.
  • Click-to-Play Blocklist Proposal
  • Click-to-Play Blocklist Test Plan
  • bug 760625 - use the blocklist to inform click-to-play plugins
  • bug 754472 - click-to-play: implement multiple plugin doorhanger ui
  • bug 793338 - click-to-play: implement multiple plugin doorhanger ui (vulnerability status bits)
  • bug 772897 - Implement UI for plugins made click-to-play by the blocklist
  • bug 793273 - FF16 CTP blocklist should never be triggered
  • Anything before including FF 16 will see an infobar as an out of date (but not blocked) plugin
  • Anything after FF 16 will have CTP blocklist enabled, out-of-date/vulnerable plugins will be blocked, in about:addons should be some indication of their vulnerable status

Not Tested

  • TBD

Sign off Criteria

  • All the test cases were executed.
  • All the major bugs have been fixed.
Retrieved from "https://wiki.mozilla.org/index.php?title=Opt-in_activation_for_plugins/Test_Plan&oldid=723571"