This page describes our plan and policy around the new Firefox 3 capability of Plugin Blocklisting. We currently have Add-On Blocklisting.

Policy

• Block plugins:
  • with versions with known vulnerabilities or major user-facing issues
  • with version ranges with known vulnerabilities
  • with fatal bugs (client crashes on startup or something causing an endless loop of unusability)

• Don't block:
  • before we work with author/vendor to send out an update, so don't block the most recent version of a major plugin
  • for minor bugs for non-popular extensions/plugins (crashes on event calls, messed up UI, etc.)

Plan

• QA to verify all plugin blocklist open issues - bug 391731
• Contact Adobe & Sun re:vulnerable list [DVeditz/Window/Brandon?]
• Publish list to http://www.mozilla.com/en-US/blocklist
• Create a component in BZ for filing requests
• Publish this policy