Check for update says Adobe Flash needs updating, but it's current

RESOLVED INVALID

Status

()

--
major
RESOLVED INVALID
4 years ago
4 years ago

People

(Reporter: scottls59901, Unassigned)

Tracking

35 Branch
x86
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150122214805

Steps to reproduce:

I updated to FF 35.0.1/restarted 3 times.
Did a plugin check for updates, and says I need to upgrade Flash/vulnerable-
Downloaded Adobe/exit FF/installed.
-open/closed 3 times, plugin check says I'm still out of date, but AF web Version check says I have the latest 16.0.0.287 installed!?


Actual results:

Updated Flash, but says I still need to update (NOT!).


Expected results:

FF Plugin check should say I'm up to date!

Win 7 Pro, ESET Smart Security v8 (only active AV).
(Reporter)

Updated

4 years ago
Severity: normal → major
16.0.0.296 is the most recent version
. https://www.adobe.com/products/flashplayer/distribution3.html

16.0.0.287 is an old version but some Adobe websites aren't updated and show this as most recent version.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID

Comment 2

4 years ago
Scott,

Your report is helpful.

The situation with Adobe Flash and the recent 0day vulnerabilities
has meant that there have been rapid changes:

See:
"Adobe Product Security Incident Response Team (PSIRT) Blog"
http://blogs.adobe.com/psirt/

3 recent Adobe Security Bulletins:

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html


Mozilla is going to Blocklist the vulnerable versions of Flash.

See bug 1124654
"Blocklist request for flash 0days affecting version 16.0.0.287, 13.0.0.262, and 11.2.202.438".
This bug has most of the detail about timing.

As you noted the Plugincheck Website
https://www.mozilla.org/en-US/plugincheck/
does not always give accurate results.

In your case,
testing / checking Flash 16.0.0.287, using Firefox 35.0.1,
about 2015-01-26 13:34:18 PST
actually gave the correct result: Flash 16.0.0.287 was "vulnerable".

Schalk Neethling [:espressive] on 2015-01-25 at 06:20:49 PST
in bug 1124654 comment # 14 had updated the Plugincheck Database:
> Ok, I have updated the plugins database as follows:
> 
> Latest Win and Mac: 16.0.0.296
> Latest Win and Mac ESR: 13.0.0.264

So, you should have seen (and you did see)
Flash 16.0.0.287 reported as "vulnerable".

You may have seen that even Adobe's website
http://www.adobe.com/software/flash/about/
was not quite up to date in the last few days
(e.g. in bug 1124654 comment # 10 on 2015-01-24 at 04:30:56 PST). 

It was OK when I checked it earlier today.

So, in your case Scot, I recommend that you check Adobe's website
http://www.adobe.com/software/flash/about/

and compare it to what you see when you type "about:plugins" (without quote)
in the Firefox Address bar.

As Matthias Versen [:Matti] said in comment # 1:
> 16.0.0.296 is the most recent version

You might need to update Flash again.



I have seen about 4 hours ago, using Fx 34, and testing Plugincheck
with Flash 16.0.0.287 a report of "Up to Date" in error.

I have also seen the 'correct result',
Flash 16.0.0.287 reported as "vulnerable" (on Fx 35.0.1) and 
Flash 16.0.0.296 reported as "Up to Date" (on Fx 35.0.1).

I will add your report as well as my tests to
bug 1084537
"Flash sometimes displayed as up to date whilst vulnerable, on Windows 7".

DJ-Leith
You need to log in before you can comment on or make changes to this bug.