Bug 1484380 - [Mac] Default the Mac Flash sandbox to level 1. r=Alex_Gaynor, a=RyanVM
authorHaik Aftandilian <haftandilian@mozilla.com>
Mon, 20 Aug 2018 17:02:44 +0000
changeset 478517 ba304f0a35dcc8c8ec4147497c86739cb88144a3
parent 478516 b93adae97b4177601c0b08bd09461fd0623f1c2b
child 478518 7c4cd4c257821ae95e63653a8e3d8dc36245b100
push id9698
push userryanvm@gmail.com
push dateTue, 21 Aug 2018 19:29:02 +0000
treeherdermozilla-beta@35f33cc301f1 [default view] [failures only]
reviewersAlex_Gaynor, RyanVM
bugs1484380
milestone62.0
Bug 1484380 - [Mac] Default the Mac Flash sandbox to level 1. r=Alex_Gaynor, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D3675
browser/app/profile/firefox.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1074,26 +1074,26 @@ pref("security.sandbox.content.level", 3
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 // Prefs for controlling whether and how the Mac NPAPI Flash plugin process is
 // sandboxed. On Mac these levels are:
 // 0 - "no sandbox"
 // 1 - "global read access, limited write access for Flash functionality"
 // 2 - "read access triggered by file dialog activity, limited read/write"
 //     "access for Flash functionality"
 // 3 - "limited read/write access for Flash functionality"
-pref("dom.ipc.plugins.sandbox-level.flash", 2);
+pref("dom.ipc.plugins.sandbox-level.flash", 1);
 // Controls the level used on older OS X versions. Is overriden when the
 // "dom.ipc.plugins.sandbox-level.flash" is set to 0.
 pref("dom.ipc.plugins.sandbox-level.flash.legacy", 1);
 // The max OS minor version where we use the above legacy sandbox level.
 pref("dom.ipc.plugins.sandbox-level.flash.max-legacy-os-minor", 10);
 // Controls the sandbox level used by plugins other than Flash. On Mac,
 // no other plugins are supported and this pref is only used for test
 // plugins used in automated tests.
-pref("dom.ipc.plugins.sandbox-level.default", 2);
+pref("dom.ipc.plugins.sandbox-level.default", 1);
 #endif
 
 #if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is introduced as part of bug 742434, the naming is inspired from
 // its Windows/Mac counterpart, but on Linux it's an integer which means:
 // 0 -> "no sandbox"
 // 1 -> "content sandbox using seccomp-bpf when available" + ipc restrictions
 // 2 -> "seccomp-bpf + write file broker"
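Review bot: The new default `pref("dom.ipc.plugins.sandbox-level.flash", 1);` selects the level that the comment block above describes as "global read access", but nothing in the file records why the stricter level 2 is no longer the default. I would add a line above the pref such as `// Default is level 1 (global read access); see bug 1484380 for why level 2 is not used by default.` so that a later reader does not mistake the weaker confinement for an oversight. The hunk also lowers `dom.ipc.plugins.sandbox-level.default` to 1, which the commit title does not mention; if the test plugins are meant to track the Flash default, the comment on that pref should say so. With both values at 1, the `.legacy` and `.max-legacy-os-minor` prefs no longer change the effective level by default, and their comments could note that they only matter when the main pref is raised again.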