So I am wondering is there any security issued change about the cross-
domain operations of the NPAPI based plug-ins?
What should I do ? Can I add a white list of domains to certain
domain?
Thanks
Bin
If you have a strong suspicion that a change in Firefox is responsible
for breaking your plugin, a good first step is to file a bug in
Bugzilla, and provide as many details as you can. Feel free to CC me
on the bug (gavin.sharp matches me).
Once you've filed a bug, a useful next step would be to try and find a
1-day regression range, using a binary search through nightly builds
from http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/ . The
relevant builds to test are in the "mozilla1.9.0" directories, and the
approximate time range between when 3.0.5 and 3.0.6 were built is
2008-12-02 to 2009-01-20 (I found this by looking at the time stamps
on the "3.0.x-candidates" directories).
Once you've obtained a 1-day regression range, you can search through
bonsai (http://bonsai.mozilla.org/cvsqueryform.cgi) to find a set of
patches that were checked in between those two builds. It's best to
pad the range you obtain a little bit (e.g. expand it by 4 hours on
each side) to account for variations in time between when the source
was checked out and when the build was posted to the FTP server.
You can also take a look through the set of bugs fixed in 3.0.6 to see
whether any of them stand out as possible causes for the issue you're
seeing (or as a guide to help narrow the range of builds you search):
https://bugzilla.mozilla.org/buglist.cgi?keywords_type=anywords&keywords=fixed1.9.0.6+verified1.9.0.6
Gavin