Closed Bug 1117189 Opened 9 years ago Closed 9 years ago

Plugincheck Database - Review and correct Adobe Reader 11.0.9 vs 11.0.09 ("nppdf32.dll" is "11.0.9.29")

Categories

(Plugin Check Graveyard :: Database, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dj.4bug, Unassigned)

Details

Summary:
As the 'Plugincheck Database' has an entry for "11.0.09" for Windows,
since 2014-12-12 at 00:39:33 PST (see bug 1109858).
Reader "11.0.9.29" continues to be reported as "Up to Date" IN ERROR.

Until this is corrected the inaccurate report will continue.


More information:
The 'Plugincheck Database' has an entry for "11.0.09" for Windows:

(see bug 1084537 comment # 32) 
>     'version': '11.0.09',
>     'detected_version': '11.0.09',
>     'detection_type': '*',
>     'os_name': 'win',
>     'app_id': '*',
>     'app_release': '*',
>     'app_version': '*',
>     'locale': '*',

This is NOT correct for the Windows plugin.

Note:
It is possible that the metadata in an actual Macintosh 11.0.9 plugin
might be in the form '11.0.09.xx'.

Before changing the Plugincheck Database,
please check the metadata in an actual Macintosh 11.0.9 plugin.

If the Macintosh plugin has the metadata "11.0.09.xx" then
ADD an entry for Macintosh: e.g. "11.0.09.0" (if there is no entry for Macintosh).

If the Macintosh plugin has the metadata "11.0.9.xx",
like the Windows plugin "11.0.9.29",
then JUST correct the Windows plugin to become "11.0.9.0"
(and the Macintosh plugin, if there is a separate record for Macintosh). 


Background:
Adobe use the naming convention with a "09" in their Security Bulletins e.g.
http://helpx.adobe.com/security/products/reader/apsb14-28.html
> Users of Adobe Reader XI (11.0.09) and earlier versions should ...
and also in their
Reader Menu, Help, About Adobe Reader XI

However, they do NOT use the "09" in the plugin metadata for Windows.

The Plugincheck Website actually uses the metadata to 'assess the plugin'
and it compares it to data that came from the Plugincheck Database
(using either the 'dynamic URLs' (https://plugins.mozilla.org/pfs/v2?appID= ...)
or the 'JSON List').

For more detail see bug 1020133 comment # 62.

On Windows 7 64bit OS, using Firefox, in "about:plugins", we have the
following for the Adobe Reader (AKA Adobe Acrobat) plugin "11.0.9.29":

> Adobe Acrobat
> 
>     File: nppdf32.dll,nppdf32.dll
>     Path: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll,
>              C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
>     Version: 11.0.9.29
>     State: Enabled
>     Adobe PDF Plug-In For Firefox and Netscape 11.0.9


https://bug1084537.bugzilla.mozilla.org/attachment.cgi?id=8535935
"Fx-34-Flash-15-0-0-246-WRONG-Reader-11-0-9-29-WRONG-2014-12-12.png"
Screenshot, from bug 1084537 comment # 19.

> "Fx-34-Flash-15-0-0-246-WRONG-Reader-11-0-9-29-WRONG-2014-12-12.png"
> 
> 2 of 3
> 
> Fx 34, 2014-12-12, 19:10 GMT (2014-12-12, 11:10 PST)
> 
> 
> Flash and Reader are WRONG.
> Flash should be at version "16.0.0.235" for "Up to Date",
> Added to the Plugincheck Database on 2014-12-10 at 01:13:58 PST in bug 1109488
> 
> Reader should be at version "11.0.10.xx" for "Up to Date", 
> Added to the Plugincheck Database on 2014-12-12 at 00:39:33 PST in bug 1109858

Screenshot shows "11.0.9.29" has been 'detected'.
The name "Adobe Acrobat" (sic) and the version "11.0.9.29" come from the
metadata in the plugin "nppdf32.dll".
  When the 'JSON List' is being used the plugin name would be "Adobe Reader",
  which comes from the 'JSON List'.

Note also:
The metadata "File version" field is used for the version in the "Status" column,
as has been documented for VLC plugin "npvlc.dll".
  I am using VLC because, as can be seen in the screenshot (link is below),
  and in 'bugs about VLC' (e.g. bug 1089012 - which is not fixed),
  VLC use different metadata, in different fields, for 'effectively the
  same release of VLC'.  This makes it hard to do an 'accurate Plugincheck'.
  However, for this bug, it provides evidence that the "File version" field
  is used for the version in the "Status" column at the Plugincheck Website.

https://bug1038685.bugzilla.mozilla.org/attachment.cgi?id=8491651
Screenshot, discussed in bug 1038685 comment # 10, where Dan Pernokis wrote:
> VLC:
> The metadata for npvlc.dll says "2.1.0.0".  So the plugin file's metadata
> contains the trailing ".0" -- makes sense, so they can build/create and 
> issue several renditions of a file without changing the inherent version ID.
> 
> FF about:plugins shows this:
> > VLC Web Plugin
> >     File: npvlc.dll
> >     Path: C:\Program Files\VideoLAN\VLC\npvlc.dll
> >     Version: 2.1.0.0
> >     State: Enabled
> >     VLC media player Web Plugin 2.1.0

I will keep my Reader "11.0.9.29" plugin and will continue to test.
I will report when I see "11.0.9.29" reported as "vulnerable".

DJ-Leith
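
Added example (not part of the bug report, and not Plugincheck's own code): a sketch of why "11.0.09", "11.0.9.29" and "11.0.10.32" need numeric, component-wise comparison, and how comparing the components as text can report 11.0.9.29 as "Up to Date". The `ROWS` table, the status labels and all function names are assumptions made for this illustration; how Plugincheck actually compared versions is not stated in this bug.

```python
# Added illustration; not Plugincheck's code. ROWS is constructed from the
# version strings quoted in this bug; the status labels are assumptions.
ROWS = [("11.0.09", "vulnerable"), ("11.0.10", "latest")]


def numeric_key(version):
    """'11.0.09', '11.0.9' and '11.0.9.0' all become (11, 0, 9)."""
    parts = version.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    nums = [int(p) for p in parts]      # int('09') == 9
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()                      # trailing '.0' carries no information
    return tuple(nums)


def string_key(version):
    """Naive key kept for contrast: components stay as text."""
    return tuple(version.strip().split("."))


def status(detected, rows, key):
    """Classify a detected file version against (version, status) rows."""
    d = key(detected)
    latest = max(key(v) for v, s in rows if s == "latest")
    if d >= latest:
        return "Up to Date"
    for v, s in rows:
        k = key(v)
        # A row covers every build whose leading components equal the row.
        if s == "vulnerable" and d[:len(k)] == k:
            return "vulnerable"
    return "outdated"


if __name__ == "__main__":
    for name, key in (("numeric", numeric_key), ("string", string_key)):
        for detected in ("11.0.9.29", "11.0.10.32"):
            print(f"{name:8} {detected:11} -> {status(detected, ROWS, key)}")
```

With the text key, the component "9" sorts after "10", so the older build compares as newer than the latest release; the numeric key removes both that and the "09" versus "9" mismatch.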
Assignee: nobody → schalk.neethling.bugs
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
I am still seeing Adobe Reader "11.0.9.29" reported as "Up to Date":
using Aurora and Release, in Error.

I have also seen the 'correct result', "11.0.10.32" being reported as "Up to Date".

> I will keep my Reader "11.0.9.29" plugin and will continue to test.
> I will report when I see "11.0.9.29" reported as "vulnerable".

DJ-Leith
Schalk,

I'm pleased that plugincheck is showing results again
(after bug 1132289 - and duplicates, bug 1132471 and bug 1132379).

Thanks for sorting that.

I am still seeing Adobe Reader "11.0.9.29" reported as "Up to Date":
using Aurora and Release, in Error.

DJ-Leith
(In reply to DJ-Leith from comment #2)
> Schalk,
> 
> I'm pleased that plugincheck is showing results again
> (after bug 1132289 - and duplicates, bug 1132471 and bug 1132379).
> 
> Thanks for sorting that.
> 
> I am still seeing Adobe Reader "11.0.9.29" reported as "Up to Date":
> using Aurora and Release, in Error.
> 
> DJ-Leith

Looking into this. Thanks DJ
Assignee: schalk.neethling.bugs → nobody
Status: ASSIGNED → NEW
(from comment # 0)
> I will keep my Reader "11.0.9.29" plugin and will continue to test.
> I will report when I see "11.0.9.29" reported as "vulnerable".

I am still seeing Adobe Reader "11.0.9.29" reported as "Up to Date":
using Aurora and Release, in Error.

Schalk,

If you don't have time to look at this please can you ask somebody, 
who can update the Plugincheck Database, to look at this bug.

I have deliberately NOT updated Reader on one of my computers.
I still have a "11.0.9.29" version, in order to help test plugincheck.
I know it is vulnerable (since 2014-12-09 - I filed bug 1109858).

I anticipate that Adobe will shortly be updating Reader to mitigate bugs
that were found at Pwn2Own 2015.

https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731
by Chris Brook
March 20, 2015, 11:26 am

The blog post ends:
... ...
> With Pwn2Own, a hacking competition hosted by HP's Zero Day Initiative
> and Google's Project Zero, drawing to a close the final tally for bugs
> over the past two days is as follows:
> 
>   * Microsoft Windows: 5 bugs
>   * Microsoft IE 11: 4 bugs
>   * Mozilla Firefox: 3 bugs
>   * Adobe Reader: 3 bugs
>   * Adobe Flash: 3 bugs
>   * Apple Safari: 2 bugs
>   * Google Chrome: 1 bug
>   * $442,500 paid out to researchers

So, I would like to test and verify that plugincheck correctly reports 
Adobe Reader "11.0.9.29" as "vulnerable" - and then update Reader to a
less vulnerable version.

https://helpx.adobe.com/security/products/reader.html

DJ-Leith
Flags: needinfo?(schalk.neethling.bugs)
(In reply to DJ-Leith from comment #4)
> (from comment # 0)
> > I will keep my Reader "11.0.9.29" plugin and will continue to test.
> > I will report when I see "11.0.9.29" reported as "vulnerable".
> 
> I am still seeing Adobe Reader "11.0.9.29" reported as "Up to Date":
> using Aurora and Release, in Error.
> 
> Schalk,
> 
> If you don't have time to look at this please can you ask somebody, 
> who can update the Plugincheck Database, to look at this bug.
> 
> I have deliberately NOT updated Reader on one of my computers.
> I still have a "11.0.9.29" version, in order to help test plugincheck.
> I know it is vulnerable (since 2014-12-09 - I filed bug 1109858).
> 
> I anticipate that Adobe will shortly be updating Reader to mitigate bugs
> that were found at Pwn2Own 2015.
> 
> https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731
> by Chris Brook
> March 20, 2015, 11:26 am
> 
> The blog post ends:
> ... ...
> > With Pwn2Own, a hacking competition hosted by HP's Zero Day Initiative
> > and Google's Project Zero, drawing to a close the final tally for bugs
> > over the past two days is as follows:
> > 
> >   * Microsoft Windows: 5 bugs
> >   * Microsoft IE 11: 4 bugs
> >   * Mozilla Firefox: 3 bugs
> >   * Adobe Reader: 3 bugs
> >   * Adobe Flash: 3 bugs
> >   * Apple Safari: 2 bugs
> >   * Google Chrome: 1 bug
> >   * $442,500 paid out to researchers
> 
> So, I would like to test and verify that plugincheck correctly reports 
> Adobe Reader "11.0.9.29" as "vulnerable" - and then update Reader to a
> less vulnerable version.
> 
> https://helpx.adobe.com/security/products/reader.html
> 
> DJ-Leith

Sure thing, there is a group of people who now specifically look after content updates so I will point them to this bug.
Flags: needinfo?(schalk.neethling.bugs)
Flags: needinfo?(mgrimes)
Thanks for the heads up. Rachel, do you want to take this one and I'll verify?
Flags: needinfo?(mgrimes) → needinfo?(rmcguigan)
11.0.9.29 is marked as vulnerable for win and mac versions. 
DJ-Leith can you confirm the change?
Flags: needinfo?(rmcguigan) → needinfo?(dj.4bug)
VERIFIED

However, I can only confirm the Windows version
(Windows 7 64 bit OS, 32 bit version of Firefox / DevEd).

Using
Firefox Release [36.0.4] and
DevEd [38.0a2 (2015-03-23)]

both
https://www.mozilla.org/en-US/plugincheck/
(the default if you 'click the link' in "about:plugins")

https://www.mozilla.org/en-US/plugincheck/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=plugincheck-update
(the default if you 'click the link' in "about:addons", at the top of the "Plugins" Tab)

Now report Adobe Reader "11.0.9.29" as "vulnerable" - correct!

Thank you for sorting this rmcguigan.

DJ-Leith

PS
I was expecting to see a GB page for Plugincheck
e.g.
https://www.mozilla.org/en-GB/plugincheck/

but it is late here and I'll open another bug if this continues.
Flags: needinfo?(dj.4bug)
From comment # 8
> PS
> I was expecting to see a GB page for Plugincheck
> e.g.
> https://www.mozilla.org/en-GB/plugincheck/
> 
> but it is late here and I'll open another bug if this continues.

I filed
bug 1153448 "L10N Plugincheck, locale missing, en-GB has become en-US"
for this.

(In reply to rmcguigan from comment #7)
> 11.0.9.29 is marked as vulnerable for win and mac versions. 
> DJ-Leith can you confirm the change?
I can't test the Mac plugin.

Please close this bug, I can't, as the Windows plugin,
which is OK (since comment # 7 on 2015-03-23 - see comment # 8),
was the only reported case.

DJ-Leith
Will do, I will follow up on the other Reader bugs as well.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED