Plugin check falsely reporting Adobe Flash 13.0.0.214 is up to date when it is vulnerable

RESOLVED FIXED

Status

--
major
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: richlaughlin, Assigned: espressive)

Tracking

Details

Attachments

(2 attachments)

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 (Beta/Release)
Build ID: 20140605174243

Steps to reproduce:

Run plugin check


Actual results:

Adobe Flash PlayerShockwave Flash 13.0.0.214 is reported as Up to Date but the green up-to-date button informs me that version 14.0.0.125 is available. According to adobe's security bulletin, this is a vulnerable plugin

http://helpx.adobe.com/security/products/flash-player/apsb14-16.html 



Expected results:

Status should be "vulnerable", not "up-to-date" Green "up-to-date" button should be red "Update now". Link under the button is already correct.
(Reporter)

Updated

5 years ago
Severity: normal → major

Updated

5 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Plugin check falsely reporting a plugin is up to date when it is vulnerable → Plugin check falsely reporting Adobe Flash 13.0.0.214 is up to date when it is vulnerable

Comment 1

5 years ago
Created attachment 8438423 [details]
screenshot-PluginCheckFx29

I see this in both Firefox 29 (screenshot attached) and Firefox 30.

Comment 2

5 years ago
Created attachment 8438426 [details]
screenshot-PluginCheckFx30

Here's a screenshot for Firefox 30 (both screenshots are from today, both are on the same Windows 7 computer)

Comment 3

5 years ago
I can also confirm.

The plugin database needs to be updated.

Security updates available for Adobe Flash Player
Release date: June 10, 2014
Vulnerability identifier: APSB14-16
http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

> * Users of Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh
>   should update to Adobe Flash Player 14.0.0.125.
> 
> * Users of Adobe Flash Player 11.2.202.359 and earlier versions for Linux should update
>   to Adobe Flash Player 11.2.202.378.

I am CCing Carsten Book as he often adds plugins to the database.

Also, bug 978505 comment # 7 has some recent information, and links, about
Adobe's ESR version of Flash.

DJ-Leith
(Assignee)

Comment 4

5 years ago
Plugin database has been updated for Mac, Windows and Linux.
Assignee: nobody → schalk.neethling.bugs
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 5

5 years ago
Thanks Schalk,

Flash 13.0.0.214 now correctly reported as "vulnerable" on Fx 30 and Aurora, on Windows 7.

DJ-Leith

Updated

5 years ago
Duplicate of this bug: 1023946
You need to log in before you can comment on or make changes to this bug.