Open Bug 1083392 Opened 6 years ago Updated 3 years ago
Adobe Flash now 15
.0 .0 .189 - plug in check database needs updating [reported version is 15 .0 .0 .152]
Adobe Flash now 18.104.22.168 - plug in check database needs updating [reported version is 22.214.171.124]
(In reply to john ruskin from comment #0) > Adobe Flash now 126.96.36.199 - plug in check database needs updating [reported > version is 188.8.131.52] Win8 update showed updates, and I also ran plugin check on Fox 33.0, and the database showed version 152 as current. Adobe ran its own update check on WinUpdate Reboot, and showed 189 as current
Component: Plug-ins → General
Product: Core → Plugin Check
Why hasn't this been fixed? Win 7 x64 FF 31ESR and FF33 both reporting things fine with Flash 184.108.40.206, but on machine where Adobe auto-update has been installed, I'm warned to upgrade to 189. How do we confirm this bug so it no longer shows "unconfirmed".
For what it's worth, after the update to the .189 version, the plug in check reports .189 as current (out of curiosity, is the plugin checker reporting 'current', or reporting that the current installed version is "newer or equal to" the database understanding of current . . . ? ) ((Thus, I am not sure if the database holds the correct and current version value, or not)) If the plugin check as currently programmed reports "current" for "newer or equal to", I propose that the plugin check be amended to show one of three traits: "out of date", "Current", or "more recent" than the plugin check database. Should I report that suggestion as a new bug, or leave it here . . . ?
First, note three other bugs: Bug 1084537 "Flash sometimes displayed as up to date whilst vulnerable, on Windows 7" Schalk knew, on 2014-10-17, that some people were getting the 'wrong result' i.e. Flash "220.127.116.11" was being reported as "Up to Date" - IN ERROR. Bug 1087185 "Update plugincheck for flash player 18.104.22.168" This is another report: a possible Duplicate of this bug. Bug 1083170 "October Flash updates" Carsten Book updated the Plugincheck Database on 2014-10-15. Second, Adobe's Security Bulletin > Security updates available for Adobe Flash Player > Release date: October 14, 2014 > Vulnerability identifier: APSB14-22 > http://helpx.adobe.com/security/products/flash-player/apsb14-22.html DJ-Leith wrote in bug 1084537 comment # 1: > Schalk, > > I've been away and offline. > > When I returned, on 2014-10-15 in the evening, I did a plugincheck at > > LIVE - in my GB case > https://www.mozilla.org/en-GB/plugincheck > > Using Windows 7 (64 bit OS) with Fx 33. > > As I hoped and expected: > > Adobe Flash Player 22.214.171.124 > was correctly detected and reported as "vulnerable". > > Carsten Book had done Bug 1083170 "October Flash updates" on > 2014-10-15. So, all was OK then on 2014-10-15. > I updated Flash to 126.96.36.199 (both Fx and IE 9). Since then, 'something has gone wrong'. I think the 'communication from the Plugincheck Database' to the 'plugincheck website' is NOT working correctly. The evidence is in bug 1084537. (In reply to john ruskin from comment #3) > For what it's worth, after the update to the .189 version, the plug in check > reports .189 as current > > (out of curiosity, is the plugin checker reporting 'current', or reporting > that the current installed version is "newer or equal to" the database > understanding of current . . . ? ) ((Thus, I am not sure if the database holds > the correct and current version value, or not)) > > If the plugin check as currently programmed reports "current" for "newer or > equal to", I propose that the plugin check be amended to show one of three traits: > "out of date", "Current", or "more recent" than the plugin check database. > > Should I report that suggestion as a new bug, or leave it here . . . ? John, I agree with the thrust of your proposal: to track 'newer' plugins (i.e. the 'detected version' is newer [has a higher 'version number'] than the 'version in the Plugincheck Database'). https://bug1020133.bugzilla.mozilla.org/attachment.cgi?id=8472629 Here is an example screenshot. Source, and discussion of this screenshot, is in bug 1020133 comment # 16. There are many screenshots in that bug. Screenshot was taken on 2014-08-13. Using Aurora (so using the 'JSON List' method), and the en-GB version of plugincheck. This shows Flash as "vulnerable" - correct (in August) and Reader as "vulnerable" - WRONG. Being pedantic with the use of EXACT quotations from the 'plugincheck website'. The "Status" column uses the phrases "Up to Date" and "vulnerable". The coloured / colored 'buttons' in the "Action" column have "Up to Date" on a 'green button' and have "Update Now" on a 'red button'. The word "current" is not used. john ruskin wrote: > (out of curiosity, is the plugin checker reporting 'current', or reporting > that the current installed version is "newer or equal to" the database It is reporting "newer or equal to" the version in the Database as "Up to Date". Can the 'plugincheck website' detect "newer or equal to" plugins? Yes, I believe it can (see bug 956905 comment # 68). john ruskin wrote: > Should I report that suggestion as a new bug, or leave it here . . . ? See bug 850992 "Automate Plugincheck Script running on the Server to detect newest versions." This was proposed on 2013-03-13. I have commented there, today, and cited *this* bug. In my opinion, if bug 850992 were implemented, there would be no need to have the 'plugincheck website' SHOW a different result. What I mean is, "Up to Date" could continue to cover BOTH 'detected' a plugin which is a 'newer version than in the Plugincheck Database' and 'detected' a plugin which matches the "latest" version in the Plugincheck Database The reason I think this would be best is that there will often be cases where there are 'some new version' is released, e.g. Adobe release another version of Reader (or Flash). ONE alert, as proposed in bug 850992, should be better than many, many reports of 'I've just seen plugincheck tell me I've got a new version of XXXXXX that it does not know about, should I be reporting this?'. Your good idea; to track 'newer' plugins, which had been proposed in bug 850992, (had it been implemented) would have led to TWO alerts in *this* case: First, On 2014-1014 and 2014-10-15 BEFORE Bug 1083170 "October Flash updates" was done. Second, later on 2014-10-15 AFTER Bug 1083170 "October Flash updates" was closed, and in many days since then, that *some* people, who had now updated Flash to "188.8.131.52" (like you) were 'testing 184.108.40.206'. The 'website thinks' (very anthropomorphic) that Flash 220.127.116.11 is the "latest". This would trigger a SECOND 'new version alert'. DJ-Leith
I'm seeing this again with FF ESR 31.2.0 on Windows 8.1. Flash 18.104.22.168 is the current version, but 189 is installed and is reported in green as "up to date".
It's still broken. Now Flash Player is at version 22.214.171.124, but version 126.96.36.199 is being shown as "up to date". it's clear no one seems to care about making plugincheck work reliably (For Flash Player or Acrobat) and an unreliable "up to date" checker is just about worthless, as I have to go elsewhere to verify it's "really" up-to-date, or risk malware/viruses. A unreliable "up to date" checker is disservice to the community.
I am just giving a general status update here, and will copy this over to any other relevant bugs where a needinfo request has been logged for me. For the past quarter i.e. 1024-Q4, plugincheck has not been on my radar in any way, shape or form as I was moved to work on another project and 100% of my time was assigned to it. I have kept my eye on bugs etc. that has come an gone and have had the service in the back of my mind though and, from what I have seen this service is still very important to users and Mozilla for a variety of reasons which I will not go into here. With all of that said, during this time there was also some out reach done to other groups within in Mozilla to take over part, or all, responsibility for plugincheck but, as of right now, there has been no takers. AS I mentioned though, I completely understand and appreciate the importance of this service and, I also acknowledge that in it's recent, and current state, it does not provide the 'answers' users need but, I am moving pluginchck back as a top priority for myself in Q1 of 2015 and I am currently in the progress of planning for the year in general and then for Q1 specifically. I want to open this up to the user base to get your input on what is important and the biggest pain points but, have not decided how I will do this. Once all of these ducks are in a row, I will post a message to either a specific bug, to yammer or both. Please except my apologies for the steady decline of this service, thanks for your patience and continued feedback and I am certain that plugincheck is going to turn the corner in a positive way in 2015.
The plugincheck page should be fixed properly or closed. I spent a few minutes trying to figure out how to report it as a malware site to anti-malware vendors, but apparently it has to actually install malware to qualify rather than simply trick you into believing your plugins are up to date (which is almost as bad IMO).
You need to log in before you can comment on or make changes to this bug.