Closed Bug 1111356 Opened 10 years ago Closed 10 years ago

Firefox offers conflicting information regarding plugin vulnerability

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Version:
34 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1110578

People

(Reporter: rvalkass, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141201111703

Steps to reproduce:

Opened a website containing Macromedia Flash content.


Actual results:

Firefox blocks the plugin and inserts into the website a message/banner informing the user that "This plugin us vulnerable and should be updated" along with a link to "Check for updates..."

Upon clicking the "Check for updates..." link the user is informed that the plugin is in fact up to date, with no way to update the plugin Firefox is blocking.

The above two statements are contradictory and confusing to users.


Expected results:

Both statements should agree with one another, and whichever one is incorrect should be corrected.
What's your Flash plugin version?
Component: Untriaged → Plug-ins
Flags: needinfo?(rvalkass)
Product: Firefox → Core
There are/were issues with the plugincheck site.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
(In reply to Loic from comment #1)
> What's your Flash plugin version?

11.2.202.424
Flags: needinfo?(rvalkass)
(In reply to rvalkass from comment #3)
> (In reply to Loic from comment #1)
> > What's your Flash plugin version?
> 
> 11.2.202.424

Read: https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
"Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.425."
(In reply to Loic from comment #4)
> (In reply to rvalkass from comment #3)
> > (In reply to Loic from comment #1)
> > > What's your Flash plugin version?
> > 
> > 11.2.202.424
> 
> Read: https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
> "Users of Adobe Flash Player for Linux should update to Adobe Flash Player
> 11.2.202.425."

Don't see the relevance of that link. Version 11.2.202.424 is vulnerable. I already knew that. As the title of the bug says "Firefox offers conflicting information regarding plugin vulnerability". Providing a link to Adobe's website doesn't resolve the fact that Firefox offers conflicting information to end users, and in this case is actually *encouraging* end users to use a version of Flash that has a critical vulnerability by informing users that version 11.2.202.424 is actually up to date.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.