Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#852 closed Bug (fixed)

Disable ActiveX browser plugins in Internet Explorer

Reported by: amenthes Owned by: vipsoft
Priority: normal Milestone: Piwik 0.4.2
Component: Core Keywords:
Cc: Sensitive: no

Description

Hi there,

One of my visitors called and told me, that he is getting strange messages, when browsing my website. I couldn't make heads or tails of it, so i took a look at it myself.

It seems that the Real-Player triggers the Windows Vista UAC-message. I was not yet able to reproduce the error on my own machine, but it started exactly the moment we started using Piwik.

Disabling the Check for real player would be a fix for me, as I do not really care for this particular plugin.

This is a major annoyance, since he gets the window on every single page-view. I'd give it a priority "major", but then again, who has real player installed and uses vista and IE at the same time ;-)

Change History (6)

comment:1 Changed 5 years ago by vipsoft (robocoder)

  • Milestone set to 1 - Piwik 0.4.2
  • Owner set to vipsoft

comment:2 Changed 5 years ago by vipsoft (robocoder)

  • Summary changed from JS-Snippet triggers UAC under Windows Vista/IE to Disable ActiveX browser plugins in Internet Explorer

Piwik isn't trying to exploit a plugin vulnerability, but unexplained/unexpected security alerts and/or launching of apps can spook visitors. This is undesirable even if impacts a small number of users.

The proposal is to disable ActiveX plugin detection on Internet Explorer. Maybe one day, Microsoft will populate window.navigator.mimeTypes[] (or navigator.plugins[]) instead of leaving these properties empty.

comment:3 Changed 5 years ago by vipsoft (robocoder)

An alternate proposal would be to disable ActiveX plugin detection by default, and provide a method to enable it.

comment:4 Changed 5 years ago by vipsoft (robocoder)

Note: GA has a _setDetectFlash(bool) method.

comment:5 Changed 5 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [1312]) fixes #852 - disabled ActiveX plugin detection in IE

comment:6 Changed 4 years ago by vipsoft (robocoder)

  • Keywords ie vista real player plugin UAC message removed
  • Sensitive unset
Note: See TracTickets for help on using tickets.