Closed Bug 1023838 Opened 10 years ago Closed 10 years ago

Plugin check falsely reporting Adobe Flash 13.0.0.214 is up to date when it is vulnerable

Categories

(Websites :: plugins.mozilla.org, defect)

Product:
Websites
Component:
plugins.mozilla.org
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: richlaughlin, Assigned: espressive)

Details

Attachments

(2 files)

screenshot-PluginCheckFx29
204.85 KB, image/png
Details
screenshot-PluginCheckFx30
157.94 KB, image/png
Details 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 (Beta/Release)
Build ID: 20140605174243

Steps to reproduce:

Run plugin check


Actual results:

Adobe Flash PlayerShockwave Flash 13.0.0.214 is reported as Up to Date but the green up-to-date button informs me that version 14.0.0.125 is available. According to adobe's security bulletin, this is a vulnerable plugin

http://helpx.adobe.com/security/products/flash-player/apsb14-16.html 



Expected results:

Status should be "vulnerable", not "up-to-date" Green "up-to-date" button should be red "Update now". Link under the button is already correct.
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Plugin check falsely reporting a plugin is up to date when it is vulnerable → Plugin check falsely reporting Adobe Flash 13.0.0.214 is up to date when it is vulnerable
I see this in both Firefox 29 (screenshot attached) and Firefox 30.
Here's a screenshot for Firefox 30 (both screenshots are from today, both are on the same Windows 7 computer)
I can also confirm.

The plugin database needs to be updated.

Security updates available for Adobe Flash Player
Release date: June 10, 2014
Vulnerability identifier: APSB14-16
http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

> * Users of Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh
>   should update to Adobe Flash Player 14.0.0.125.
> 
> * Users of Adobe Flash Player 11.2.202.359 and earlier versions for Linux should update
>   to Adobe Flash Player 11.2.202.378.

I am CCing Carsten Book as he often adds plugins to the database.

Also, bug 978505 comment # 7 has some recent information, and links, about
Adobe's ESR version of Flash.

DJ-Leith
Plugin database has been updated for Mac, Windows and Linux.
Assignee: nobody → schalk.neethling.bugs
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Thanks Schalk,

Flash 13.0.0.214 now correctly reported as "vulnerable" on Fx 30 and Aurora, on Windows 7.

DJ-Leith
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: