Closed Bug 752063 Opened 12 years ago Closed 12 years ago

Blocklist Flash versions < 10.3.183.19 / 11.2.202.235 on Intel due to 0-day

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: alqahira, Assigned: alqahira)

Details

(Whiteboard: [camino-2.1.3])

Attachments

(1 file, 1 obsolete file)

Does the deed 12 years ago Smokey Ardisson (offline for a while; not following bugs - do not email) 1.32 KB, patch		Details \| Diff \| Splinter Review
Does the deed, with the right versions 12 years ago Smokey Ardisson (offline for a while; not following bugs - do not email) 1.32 KB, patch		Details \| Diff \| Splinter Review

Smokey Ardisson (offline for a while; not following bugs - do not email)

Assignee

Description

•

12 years ago

Stuart, today's Flash 0-day is supposedly only targeting WinIE in the wild: http://www.adobe.com/support/security/bulletins/apsb12-09.html

Should we go ahead and move the minimum versions up to the new versions anyway?  I.e., is our policy (bug 662666 comment 15 et seq) to move the version on all 0-days, or only on 0-days believed to impact Mac OS X?

philippe (part-time)

Comment 1

•

12 years ago

I'm all in favor of blocking them - some dump comic might find a way to recycle the latest hole(s), even if it is just for the fun of it.

Stuart Morgan

Comment 2

•

12 years ago

Since it's not clear if the vulnerability is hard to exploit for Mac, or the cases they know of just didn't happen to, let's go ahead and block it.

Smokey Ardisson (offline for a while; not following bugs - do not email)

Assignee

Updated

•

12 years ago

Status: UNCONFIRMED → ASSIGNED

Ever confirmed: true

Summary: Blocklist all Flash versions < 10.3.183.18 / 11.0.202.238 on Intel due to 0-day? → Blocklist all Flash versions < 10.3.183.18 / 11.2.202.235 on Intel due to 0-day?

Smokey Ardisson (offline for a while; not following bugs - do not email)

Assignee

Comment 3

•

12 years ago

Attached patch Does the deed (obsolete) — Details — Splinter Review

Per bug 688370 comment 1, there's blanket-sr=smorgan for this.  I'll land it as soon as we have a tinderbox.m.o again :P

Smokey Ardisson (offline for a while; not following bugs - do not email)

Assignee

Comment 4

•

12 years ago

Attached patch Does the deed, with the right versions — Details — Splinter Review

Argh, that's supposed to be .19; how did I manage to get both versions wrong in this bug?  (But I got both right in flash-check.js :P )

Attachment #621357 - Attachment is obsolete: true

Smokey Ardisson (offline for a while; not following bugs - do not email)

Assignee

Comment 5

•

12 years ago

http://hg.mozilla.org/camino/rev/7e142af8f588

Status: ASSIGNED → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Summary: Blocklist all Flash versions < 10.3.183.18 / 11.2.202.235 on Intel due to 0-day? → Blocklist Flash versions < 10.3.183.19 / 11.2.202.235 on Intel due to 0-day

Whiteboard: [camino-2.1.3]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Blocklist Flash versions < 10.3.183.19 / 11.2.202.235 on Intel due to 0-day

Categories

(Camino Graveyard :: Plug-ins, defect)

Tracking

(Not tracked)

People

(Reporter: alqahira, Assigned: alqahira)

References

Details

(Whiteboard: [camino-2.1.3])

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Comment 5

Attachment

General

Description

File Name

Content Type