diff -u b/browser/base/content/pageinfo/permissions.js b/browser/base/content/pageinfo/permissions.js
--- b/browser/base/content/pageinfo/permissions.js
+++ b/browser/base/content/pageinfo/permissions.js
@@ -299,7 +299,7 @@
 }
 
 function initPluginsRow() {
-  var vulnerableLabel = document.getElementById("browserBundle").getString("pluginActivateVulnerable.label");
+  var vulnerableLabel = document.getElementById("browserBundle").getString("vulnerableNoUpdatePluginWarning");
   let pluginHost = Components.classes["@mozilla.org/plugin/host;1"].getService(Components.interfaces.nsIPluginHost);
 
   let permissionMap = Map();
@@ -311,11 +311,11 @@
     for (let mimeType of plugin.getMimeTypes()) {
       let permString = pluginHost.getPermissionStringForType(mimeType.type);
       if (!permissionMap.has(permString)) {
-        var name = plugin.name;
+        var name = makeNicePluginName(plugin.name);
         if (permString.startsWith("plugin-vulnerable:")) {
           name += " \u2014 " + vulnerableLabel;
         }
-        permissionMap.set(permString, makeNicePluginName(name));
+        permissionMap.set(permString, name);
       }
     }
   }
diff -u b/browser/base/content/test/browser_pageInfo_plugins.js b/browser/base/content/test/browser_pageInfo_plugins.js
--- b/browser/base/content/test/browser_pageInfo_plugins.js
+++ b/browser/base/content/test/browser_pageInfo_plugins.js
@@ -59,8 +59,7 @@
   doOnPageLoad(gHttpTestRoot + "plugin_two_types.html", testPart1a);
 }
 
-// By default, everything should be click-to-play. So: no plugins should be
-// activated, and the radio buttons in Page Info should be "Always Ask"
+// The first test plugin is CtP and the second test plugin is enabled.
 function testPart1a() {
   let test = gTestBrowser.contentDocument.getElementById("test");
   let objLoadingContent = test.QueryInterface(Ci.nsIObjectLoadingContent);
diff -u b/content/base/src/nsObjectLoadingContent.cpp b/content/base/src/nsObjectLoadingContent.cpp
--- b/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@@ -2269,7 +2269,8 @@
     return eType_Document;
   }
 
-  if ((caps & eSupportPlugins) && NS_SUCCEEDED(IsPluginEnabledForType(aMIMEType))) {
+  if (caps & eSupportPlugins) {
+    // ShouldPlay will handle checking for disabled plugins
     return eType_Plugin;
   }
 
@@ -2729,10 +2730,6 @@
 bool
 nsObjectLoadingContent::ShouldPlay(FallbackType &aReason)
 {
-  // mActivated is true if we've been activated via PlayPlugin() (e.g. user has
-  // clicked through). Otherwise, only play if click-to-play is off or if page
-  // is whitelisted
-
   nsresult rv;
 
   nsRefPtr<nsPluginHost> pluginHost = nsPluginHost::GetInst();
@@ -2756,6 +2753,17 @@
     return true;
   }
 
+  // Order of checks:
+  // * Already activated? Then ok
+  // * Assume a default of click-to-play
+  // * If blocklisted, override the reason with the blocklist reason
+  // * If not blocklisted but playPreview, override the reason with the
+  //   playPreview reason.
+  // * Check per-site permissions and follow those if specified.
+  // * Honor per-plugin disabled permission
+  // * Blocklisted plugins are forced to CtP
+  // * Check per-plugin permission and follow that.
+
   if (mActivated) {
     return true;
   }
@@ -2830,20 +2838,22 @@
     }
   }
 
+  uint32_t enabledState = nsIPluginTag::STATE_DISABLED;
+  pluginHost->GetStateForType(mContentType, &enabledState);
+  if (nsIPluginTag::STATE_DISABLED == enableState) {
+    aReason = eFallbackDisabled;
+    return false;
+  }
+
   // No site-specific permissions. Vulnerable plugins are automatically CtP
   if (blocklistState == nsIBlocklistService::STATE_VULNERABLE_UPDATE_AVAILABLE ||
       blocklistState == nsIBlocklistService::STATE_VULNERABLE_NO_UPDATE) {
     return false;
   }
 
-  uint32_t enabledState = nsIPluginTag::STATE_DISABLED;
-  pluginHost->GetStateForType(mContentType, &enabledState);
   switch (enabledState) {
   case nsIPluginTag::STATE_ENABLED:
     return true;
-  case nsIPluginTag::STATE_DISABLED:
-    aReason = eFallbackDisabled;
-    return false;
   case nsIPluginTag::STATE_CLICKTOPLAY:
     return false;
   }
diff -u b/dom/plugins/base/nsNPAPIPluginInstance.cpp b/dom/plugins/base/nsNPAPIPluginInstance.cpp
--- b/dom/plugins/base/nsNPAPIPluginInstance.cpp
+++ b/dom/plugins/base/nsNPAPIPluginInstance.cpp
@@ -1800,10 +1800,10 @@
   bool haveCodeParam = false;
   bool isCodeParamEmpty = true;
 
-  for (uint16_t i = 0; i < paramCount; ++i) {
-    if (PL_strcasecmp(paramNames[i], "code") == 0) {
+  for (uint16_t i = paramCount; i > 0; --i) {
+    if (PL_strcasecmp(paramNames[i - 1], "code") == 0) {
       haveCodeParam = true;
-      if (strlen(paramValues[i]) > 0) {
+      if (strlen(paramValues[i - 1]) > 0) {
         isCodeParamEmpty = false;
       }
       break;
only in patch2:
unchanged:
--- a/dom/plugins/test/mochitest/test_plugin_tag_clicktoplay.html
+++ b/dom/plugins/test/mochitest/test_plugin_tag_clicktoplay.html
@@ -6,31 +6,31 @@
     <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
     <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/ChromeUtils.js"></script>
   </head>
   <body>
     <script class="testbody" type="application/javascript">
       Components.utils.import("resource://gre/modules/Services.jsm");
       var pluginHost = Components.classes["@mozilla.org/plugin/host;1"]
                        .getService(Components.interfaces.nsIPluginHost);
-      ok(!pluginHost.isPluginClickToPlayForType("application/x-test"), "click-to-play should be off to begin with");
+      is(pluginHost.getStateForType("application/x-test"), Components.interfaces.nsIPluginTag.STATE_ENABLED, "click-to-play should be off to begin with");
       Services.prefs.setBoolPref("plugins.click_to_play", true);
 
       var pluginTags = pluginHost.getPluginTags();
       var testPlugin = null;
       for (var plugin of pluginTags) {
         if (plugin.name == "Test Plug-in") {
           testPlugin = plugin;
           break;
         }
       }
       ok(testPlugin, "Should have Test Plug-in");
       testPlugin.enabledState = Components.interfaces.nsIPluginTag.STATE_CLICKTOPLAY;
-      ok(pluginHost.isPluginClickToPlayForType("application/x-test"), "click-to-play should be on for Test Plug-in now");
-      ok(!pluginHost.isPluginClickToPlayForType("application/x-second-test"), "click-to-play should still be off for the Second Test Plug-in");
+      is(pluginHost.getStateForType("application/x-test"), Components.interfaces.nsIPluginTag.STATE_CLICKTOPLAY, "click-to-play should be on for Test Plug-in now");
+      is(pluginHost.getStateForType("application/x-second-test"), Components.interfaces.nsIPluginTag.STATE_ENABLED, "click-to-play should still be off for the Second Test Plug-in");
 
       testPlugin.enabledState = Components.interfaces.nsIPluginTag.STATE_ENABLED;
-      ok(!pluginHost.isPluginClickToPlayForType("application/x-test"), "click-to-play should be off for Test Plug-in now");
+      is(pluginHost.getStateForType("application/x-test"), Components.interfaces.nsIPluginTag.STATE_ENABLED, "click-to-play should be off for Test Plug-in now");
 
       Services.prefs.clearUserPref("plugins.click_to_play");
     </script>
   </body>
 </html>
only in patch2:
unchanged:
--- a/toolkit/mozapps/extensions/test/xpcshell/test_pluginBlocklistCtp.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/test_pluginBlocklistCtp.js
@@ -85,71 +85,66 @@ function get_test_plugin() {
 
 // At this time, the blocklist does not have an entry for the test plugin,
 // so it shouldn't be click-to-play.
 function test_is_not_clicktoplay() {
   var plugin = get_test_plugin();
   var blocklistState = gBlocklistService.getPluginBlocklistState(plugin, "1", "1.9");
   do_check_neq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_UPDATE_AVAILABLE);
   do_check_neq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE);
-  do_check_false(gPluginHost.isPluginClickToPlayForType("application/x-test"));
 
   Services.prefs.setCharPref("extensions.blocklist.url", "http://localhost:4444/data/test_pluginBlocklistCtpUndo.xml");
   gNextTest = test_is_clicktoplay;
   gNotifier.notify(null);
 }
 
 // Here, we've updated the blocklist to have a block for the test plugin,
 // so it should be click-to-play.
 function test_is_clicktoplay() {
   var plugin = get_test_plugin();
   var blocklistState = gBlocklistService.getPluginBlocklistState(plugin, "1", "1.9");
   do_check_eq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE);
-  do_check_true(gPluginHost.isPluginClickToPlayForType("application/x-test"));
 
   Services.prefs.setCharPref("extensions.blocklist.url", "http://localhost:4444/data/test_pluginBlocklistCtp.xml");
   gNextTest = test_is_not_clicktoplay2;
   gNotifier.notify(null);
 }
 
 // But now we've removed that entry from the blocklist (really we've gone back
 // to the old one), so the plugin shouldn't be click-to-play any more.
 function test_is_not_clicktoplay2() {
   var plugin = get_test_plugin();
   var blocklistState = gBlocklistService.getPluginBlocklistState(plugin, "1", "1.9");
   do_check_neq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_UPDATE_AVAILABLE);
   do_check_neq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE);
-  do_check_false(gPluginHost.isPluginClickToPlayForType("application/x-test"));
 
   Services.prefs.setCharPref("extensions.blocklist.url", "http://localhost:4444/data/test_pluginBlocklistCtpUndo.xml");
   gNextTest = test_disable_blocklist;
   gNotifier.notify(null);
 }
 
 // Test that disabling the blocklist when a plugin is ctp-blocklisted will
 // result in the plugin not being click-to-play.
 function test_disable_blocklist() {
   var plugin = get_test_plugin();
   var blocklistState = gBlocklistService.getPluginBlocklistState(plugin, "1", "1.9");
   do_check_eq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE);
-  do_check_true(gPluginHost.isPluginClickToPlayForType("application/x-test"));
 
   gNextTest = null;
   Services.prefs.setBoolPref("extensions.blocklist.enabled", false);
   blocklistState = gBlocklistService.getPluginBlocklistState(plugin, "1", "1.9");
   do_check_neq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE);
   do_check_neq(blocklistState, Components.interfaces.nsIBlocklistService.STATE_VULNERABLE_UPDATE_AVAILABLE);
-  do_check_false(gPluginHost.isPluginClickToPlayForType("application/x-test"));
 
   // it should still be possible to make a plugin click-to-play via the pref
   // and setting that plugin's enabled state to click-to-play
   Services.prefs.setBoolPref("plugins.click_to_play", true);
   let previousEnabledState = plugin.enabledState;
   plugin.enabledState = Components.interfaces.nsIPluginTag.STATE_CLICKTOPLAY;
-  do_check_true(gPluginHost.isPluginClickToPlayForType("application/x-test"));
+  do_check_eq(gPluginHost.getStateForType("application/x-test"), Components.interfaces.nsIPluginTag.STATE_CLICKTOPLAY);
   // clean up plugin state
   plugin.enabledState = previousEnabledState;
 
   gServer.stop(do_test_finished);
 }
 
 // Observe "blocklist-updated" so we know when to advance to the next test
 function observer() {