Bug 1081644
Opened 10 years ago
Closed 10 years ago
Firefox is supporting old versions of Real player plug-in
Categories
(Plugin Check Graveyard :: Whistler, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: devand27, Assigned: espressive)
Attachments (1 file): 245.91 KB, image/png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36
Actual results:
Firefox is supporting an old version of the Real player plug-in, which allows remote code execution.
Please find the security vulnerability details:
http://service.real.com/realplayer/security/12202013_player/en/
http://service.real.com/realplayer/security/06272014_player/en/
Thanks
Chandra Mohan
Expected results:
Firefox should not support old versions of Real player plug-in.
Updated • 10 years ago
Group: core-security → websites-security
Component: Untriaged → General
Product: Firefox → Plugin Check
Version: 35 Branch → unspecified
Updated • 10 years ago (Assignee)
Assignee: nobody → schalk.neethling.bugs
Component: General → Whistler
Priority: -- → P1
Comment 1 • 10 years ago (Assignee)
So, in the database we currently have:
(2) RealJukebox NS Plugin
(1) RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
(3) RealPlayer
(2) RealPlayer Version Plugin
(1) RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
Looking at each, though, they all have the same version set as the latest, aka 15.0.2.72, so I am not sure why we need to track 5 different 'forms' of the plugin. Carsten? I assume historic reasons.
I will update all 5 with the information provided above, but I will need to figure out if there is any reason to track all those individually.
Thanks for reporting this.
Flags: needinfo?(cbook)
Comment 2 • 10 years ago (Assignee)
The production database has been updated. Now I just need to figure out whether we actually need those five different product entries, but that is a separate bug.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 3 • 10 years ago
(In reply to Schalk Neethling [:espressive] from comment #1)
> Carsten? I assume historic reasons.

Yep, exactly, but I guess we can drop outdated/old stuff now.
Flags: needinfo?(cbook)
Comment 4 • 10 years ago
Do we have Firefox plugin blocks for these versions of realplayer? This got moved to plugincheck, but since plugincheck and the AMO blocklist are separate we need to make sure that we update both of them.
Also, Schalk, since this shipped, can we remove the security flag?
Flags: needinfo?(schalk.neethling.bugs)
Flags: needinfo?(jorge)
Comment 5 • 10 years ago (Assignee)
:bsmedberg, I reckon we can. I do not seem to have the needed rights to remove the flag though, so feel free to remove it if you are able. Thanks!
Flags: needinfo?(schalk.neethling.bugs)
Comment 6 • 10 years ago
There are no blocks for the Real Player plugin. To create a blocklist bug I'll need version and platform details.
Flags: needinfo?(jorge)
Updated • 10 years ago
Group: websites-security
Comment 7 • 10 years ago
Jorge, do you need more details than the realplayer security bulletins from comment 0?
Flags: needinfo?(jorge)
Comment 8 • 9 years ago
Sorry for the delay, I filed bug 1222130 to deal with the block.
Flags: needinfo?(jorge)