United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6745455 : Firefox extensions using Java don't work with new Java Plug-In

Details
Type:
Bug
Submit Date:
2008-09-05
Status:
Closed
Updated Date:
2013-01-10
Project Name:
JDK
Resolved Date:
2009-01-21
Component:
deploy
OS:
generic
Sub-Component:
plugin
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
6u10
Fixed Versions:
6u12 (b02)

Related Reports
Relates:
Relates:
Relates:
Relates:

Sub Tasks

Description
Firefox extensions that use Java are not working with the new Java Plug-In. There appear to be at least a couple of reasons for this:

  - The URL for such extensions starts with "chrome://", which causes a MalformedURLException when parsed by the URL class when producing the document base for the web page. This is causing some of the initialization code for the applet container to bail out.

  - Based on discussions with Mozilla it appears that the JavaScript in browser extensions is granted full privileges, and the previous OJI implementation of the Java Plug-In was informed of that fact when making JavaScript-to-Java calls. Most browser extensions that use Java rely on these elevated privileges. With the new Java Plug-In we do not have the ability to determine on a call-by-call basis whether additional privileges should be granted. However, it seems we need to figure out some way to do this on a page-by-page basis, or in particular, whether we are running in the context of a browser extension.

There have been a few reports of this problem. One is on the forums at http://forums.java.net/jive/thread.jspa?threadID=45933&tstart=0 . Another way to provoke the first failure is to simply load the URL "javascript:alert(window.java);" in Firefox. An extract from an email exchange on this topic with another (large) test case is attached.

                                    

Comments
EVALUATION

Firefox extensions which use Java expect to be able to call from
JavaScript to Java from a privileged context. Such extensions come
from URLs starting with "chrome://" and the browser displays a
security warning before installing such extensions. Therefore for
compatibility reasons we grant all permissions to incoming JavaScript
calls coming from such URLs.
                                     
2008-11-19
SUGGESTED FIX

webrev: http://sa.sfbay.sun.com/projects/deployment_data/6u12/6745455.0
testcase: http://j2se.east.sun.com/deployment/www/tests/1.6.0_12/6745455/
                                     
2008-11-19



Hardware and Software, Engineered to Work Together