Right now we get a pretty useless version string from Flash ("Shockwave Flash 11.1 r115"). We should be able to get the real version string ("22.214.171.124" or similar). This will make things like plugincheck work.
There are no more updates for Android Flash. It is likely vulnerable to the current 0day that is out there. While click to play helps some, an ad network could still have a malicious swf that attacks our users.
There are known vulnerabilities for 126.96.36.199 at least and I haven't found any for the latest (188.8.131.52). We can at least make sure people are updated to that and aware of the risks.
Flash is going away (bug 1381916), so there's no point in pursuing this further.
Status: NEW → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.