Closed Bug 1130559 Opened 9 years ago Closed 9 years ago

Firefox Plugin is telling me to update my Adobe Flash Player even though It is updated to the current Flash Player (Version of my Flash Player: 16,0,0,305 ).

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
35 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1183600

People

(Reporter: mandyh3in1, Assigned: espressive)

Details

Attachments

(1 file)

Plugincheck-JSON-List-with-line-numbers-2015-02-08.txt
164.49 KB, text/plain
Details 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150122214805

Steps to reproduce:

I clicked the check plugins button on Firefox and Firefox keeps showing I need to update my Adobe Flash Player. My Adobe Flash is running the most current update (Version: 16,0,0,305) . 


Actual results:

Nothing It keeps saying I need to update my Adobe Flash Player.


Expected results:

I would think the Firefox plugin check would update & stop telling me I'm vulnerable & need to update. =)
I just noticed that Firefox is showing I'm using version:16.0.0.296 Adobe is showing I'm using version: 16,0,0,305. Firefox was telling me to update the same thing yesterday, every time I tried to update through Firefox it crashed.  & I removed Adobe Flash & reinstalled it. But Firefox kept showing the same message so I removed Firefox & downloaded it again & it was still showing the same message. So ignored the Firefox warning thinking it would be fixed the next day. But today it is still showing the same thing. Sorry if that is to much info I have no clue what I'm suppose to do. =/ =)
I am getting the correct result: plugincheck is telling me that
"Adobe Flash Player" version 16.0.0.305 is "Up to Date".


Adobe have published 4 Adobe Security Bulletins, for Flash, so far in 2015.

https://helpx.adobe.com/security.html#flashplayer

The most recent one, which advises Windows and Macintosh users
to update to Adobe Flash Player 16.0.0.305, is APSB15-04.

> Adobe Security Bulletin
> Release date: February 5, 2015
> Vulnerability identifier: APSB15-04
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html


(in reply to mandyh3in1 from comment #1)
Please can you check two things: detection by Firefox and detection by Adobe's web site.

1. Firefox's 'internal detection'.
  (i.e. NOT the version as detected by the 'Plugincheck Website').
mandyh3in1 said in comment # 1:
> Firefox is showing I'm using version:16.0.0.296

mandyh3in1,
please can you check this by typing "about:plugins" into the Firefox Address bar
(without the quotes)
to check the 'version that Firefox thinks is installed'.

I have the following:
> Shockwave Flash
> 
>     File: NPSWF32_16_0_0_305.dll
>     Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
>     Version: 16.0.0.305
>     State: Enabled
>     Shockwave Flash 16.0 r0
This is Adobe Flash Player version 16.0.0.305.

Which version do you have (according to Firefox)?

  You can use the link at the top of this page "mozilla.com/plugincheck" which will redirect to
  the version of Plugincheck in your "locale" (language).

  In my case this is
  https://www.mozilla.org/en-GB/plugincheck/


2. Adobe's web site detection.
http://www.adobe.com/software/flash/about/

This page is usually accurate.
  I have noticed that it gave the 'wrong answer' once in the last few days.
  I speculate that this was because there have been so many versions of
  Flash released since 2015-01-22.

  I also recommend that you test that Internet Explorer, and any other
  browser that you have installed, at Adobe's web site.
  

In my case I have "16,0,0,305 installed" - according to Adobe's web site
  (sic commas not "16.0.0.305", the actual "File version" in the "NPSWF32_16_0_0_305.dll" File). 

Which version do you have (according to Adobe's web site)?

mandyh3in1 said in comment # 1:
> Adobe is showing I'm using version: 16,0,0,305

If you don't have the same version, as detected by Firefox and Adobe's web site,
then I think you may have to uninstall Flash and Install Flash 16.0.0.305.

If "about:plugins" shows that you have 'an old Flash' e.g. "16.0.0.296"
then the Plugincheck Website
https://www.mozilla.org/en-US/plugincheck/
should, if it is working correctly, tell you that your Flash is "vulnerable".

DJ-Leith
Running Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
I have the exact same issue as mandy.  Both about:plugins and adobe's page both tell me I have 16.0.0.305 version of flash, yet plugincheck thinks I have 16.0.0.235.
(In reply to Sam Haycraft from comment #3)
> Both about:plugins and adobe's page both tell me I have 16.0.0.305 version of flash
Good, this is what one would expect.

> yet plugincheck thinks I have 16.0.0.235.
I have not seen this since May 2014 [6].

Sam,
please confirm, what I think you are reporting:
A. The Plugincheck Website reports that you have version "16.0.0.235" - IN ERROR.
AND
B. The Plugincheck Website also reports that your Flash is "vulnerable" - IN ERROR.

Do you have a screenshot that you can attach?


Further Reading

BACKGROUND
1. Background to the 'Plugincheck Service' see bug 956905 comment # 148 onwards.
  From May 2014 onwards Beta+ used the new 'JSON List' method and
  Release (and older) used the older 'existing method (using enumeration)'
  that had been used since the 'Plugincheck Service' started in 2009.
  I think when Firefox ESR users visit the 'Plugincheck Website'
  the checks are still done using the 'old method - enumeration'.
 
    N.B. AFAICT I think that 'Release has not been bumped on' and that
    Fx 35+ is using the 'JSON List' method of plugincheck.

2. In 2015 Schalk Neethling [:espressive] is going to progress this
by getting the 'Plugincheck Service' working correctly in Firefox before making
it work in most browsers: see the Meta bug 1121456 "PluginCheck for Firefox". 


Recent issues with Flash and Plugincheck:

3. The most recent Flash Blocklist bug is
bug 1128534 "(CVE-2015-0313) Blocklist flash 16.0.0.296 and earlier versions".
When Flash is blocklisted there is a lot of traffic to the 'Plugincheck Website'.

4. on 2015-02-05 at 01:17:48 PST Schalk Neethling added Flash 16.0.0.305 to
the 'Plugincheck Database' (bug 1129833 "Flash 16.0.0.305 released").
So, providing there are no issues [like 5] users *should* be told that
their 'old Flash' e.g. "16.0.0.235" or "16.0.0.296" is "vulnerable".
  
5. Issues where AFTER the 'Plugincheck Database' has been updated,
visitors to the 'Plugincheck Website' get the 'wrong report':
their 'old and now vulnerable Flash Plugin' is reported as "Up to Date" - IN ERROR.
This is the opposite of this bug and is a false sense of security.
Bug 1084537 "Flash sometimes displayed as up to date whilst vulnerable, on Windows 7"
Illustrates an example of this, going back to 2014-10-17.


6. I think this bug is another example of
bug 1010132 "Flash 13.0.0.206 shown as up to date".

Readers will recall, from [1] - above, that Firefox 35 is now using the
'JSON List' method.  From May 2014 until the Fx 35 was released
the Release version of Firefox used the 'old method - enumeration of the plugins'.
I speculate that the vast majority of visitors to the 'Plugincheck Website'
are NOT Nightly, Aurora (DevEd) or Beta users but are using Release (or older).

Also, bear in mind that there have been many changes to the
'Plugincheck Database' as Adobe have released many versions of Flash 16.0.0.xxx
since 2015-01-22.

Schalk,
I think this issue may be similar to bug 1020133 "Improve Adobe Acrobat plugin reporting",
where, using the 'JSON List', it was difficult the get a 'correct report for Adobe Reader'.
This was the main reason why, between May 2014 and the release of Fx 35 on 2015-01-13,
you had the 'Plugincheck Website' use enumeration for Release (and NOT use the 'JSON List').

DJ-Leith
Flags: needinfo?(schalk.neethling.bugs)
Thank you so much for opening this bug. PluginCheck is going through a huge rewrite. The results you are seeing is definitely incorrect. Please also let us now the OS you are on, so we can add this to our test suite.

We want to provide a service that is dependable and really appreciate your feedback in helping us do that.
Flags: needinfo?(schalk.neethling.bugs)
Is it Windows for everyone here?
Windows here.  I have solved my problem and I'll tell you what the issue was.  On further inspection I noticed there were actually 2 flash dll's on the about:plugin page, the one you would expect, plus one from a folder from a program called Arc, from Perfect World entertainment, which I had installed as a launcher for a video game  (see http://www.arcgames.com/en/games).  I guess this is tied to an arc plugin for firefox that installed itself with the Arc program.  The dll for this does not indicate version number, but I'm guessing it's probably out of date.  I disabled the Arc plugin and plugincheck reports flash is up to date.  I don't even know why Arc needs a browser plugin, but I'm certainly not pleased to say the least.  Anyways, let me know if I can give any further details that can help.
See "Plugincheck-JSON-List-with-line-numbers-2015-02-08.txt".

Schalk,

https://support.cdn.mozilla.net/media/uploads/images/2015-02-07-11-41-19-3afbd9.png
Screenshot
See bug 1130789 "Plugin check mistakes RealPlayer plugin for Adobe Flash"

Here is a similar situation: plugincheck is detecting two plugins that
'can deal with Flash files'.  I speculate a match with the MIME Type


> 1967       'mimes': [
> 1968         'application/x-shockwave-flash',
> 1969         'application/futuresplash'

At plugincheck both are 'Named' / 'reported as' "Adobe Flash Player"
because the "display_name", at the match, is "Adobe Flash Player"

> 0012       'display_name': 'Adobe Flash Player',

DJ-Leith
Newest Version Adobe Flash Player "Shockwave Flash 16.0.0.296" is detected as being out of date and must be updated.  Extremely annoying.  No option to Always Activate.  Seems to be misidentified as Shockwave Flash 11.0 through 11.7 which is always blocked.
(In reply to ko111155 from comment #9)
> Newest Version Adobe Flash Player "Shockwave Flash 16.0.0.296" is detected
> as being out of date and must be updated.  Extremely annoying.  No option to
> Always Activate.  Seems to be misidentified as Shockwave Flash 11.0 through
> 11.7 which is always blocked.

Hey there, so .296 is not only out of date but vulnerable and you should update to .305
http://get.adobe.com/flashplayer/

Security bulletin: https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Adobe says I have 16.0.0.305
Firefox thinks I have 16.0.0.287

I've installed the most up to date version at least 5 times. I've also uninstalled flash and deleted pluginreg.dat. But firefox continues to report that I have an outdated version and need to update, despite that version no longer being on my computer at all.
I found a way to fix it, but keep in mind that it is NOT up to the USERS to fix firefox problems. There IS a workaround, but firefox NEEDS to fix this problem anyway.

Go to: C:\Windows\System32\Macromed\Flash

Delete any files that show an incorrect version number (Keep everything that has the correct version number and everything the doesn't show a version number)

Go to: Help>Troubleshooting Information>Profile Folder>Show Folder

Delete Pluginreg.dat

Restart firefox

This worked for me, and firefox now shows the correct version number.
(In reply to neopeeves from comment #12)
> I found a way to fix it, but keep in mind that it is NOT up to the USERS to
> fix firefox problems. There IS a workaround, but firefox NEEDS to fix this
> problem anyway.
> 
> Go to: C:\Windows\System32\Macromed\Flash
> 
> Delete any files that show an incorrect version number (Keep everything that
> has the correct version number and everything the doesn't show a version
> number)
> 
> Go to: Help>Troubleshooting Information>Profile Folder>Show Folder
> 
> Delete Pluginreg.dat
> 
> Restart firefox
> 
> This worked for me, and firefox now shows the correct version number.

Thank you for the information, I will look into this. Strange one though :-/
I guess that I can reproduce the bug here under Linux (Fedora 22, Firefox 39, flash plugin downloaded from Adobe).

After updating the flash plugin under Linux (Fedora 22) to 11.2.202.491, Firefox insisted that the vulnerable  11.2.202.481 was installed and continued to block flash content.

I updated the flash plugin manually by installing the RPM provided by Adobe this week. At the time of the update, Firefox under my normal user account was running and displaying a Youtube webpage in an open tab. I had allowed flash content for the site youtube.com and to remember that before. Even after closing and restarting firefox, about:plugins told me that the vulnerable flash plugin 111.2.202.481, even after I removed the flash plugin, checked that nothing was left from it and reinstalled the 11.2.202.491 rpm, and even after rebooting the computer. Even though about:plugins displayed the wrong version number of the flash plugin, the context menu of the flash player (right click in a flash video) displayed the correct version number 11.2.202.491.

While Firefox run under my normal user account still insisted that the flash plugin was "11.2.202.481 state vulnerable no update available", about:plugins in another instance of Firefox run under a different user account at the same time (kdesu -u alternativeuser /usr/local/firefox/firefox) showed the correct version number 11.2.202.491 and didn't block flash content.

Clearing the complete history didn't solve the problem. After deleting the firefox profile (rm -rf ~/.mozilla/firefox) and restoring it from a backup that I've made a week before, about:plugins showed the correct version number of the flash plugin and no longer blocked flash content. I assume that allowing flash content under the vulnerable plugin 11.2.202.481 on youtube.com and choosing to remember that caused the problem.

Used Firefox version: Firefox 39.0 64-bit from mozilla.com, unpacked to /usr/local. The bug also occurred under the Firefox version provided by the Fedora project (firefox-39.0-8.fc22.x86_64).

Since Firefox now blocks vulnerable plugins, it has to be made sure that Firefox correctly identifies the installed version of the plugin. Blocking a plugin that is falsely identified as vulnerable is pathetic.
Does this problem occur on about:plugins only or, do you also see this on mozilla.org/plugincheck
In about:plugins, you should see Path: C:\Windows\system32\Macromed\Flash\NPSWF32_XX_X_X_XXX.dll; C:\Windows\system32\Macromed\Flash\NPSWF32_XX_X_X_XXX.dll if you're having this problem. Obviously, there should be only one. So go to this folder, close firefox, skype, and anything else using flash. Delete ALL the files that have the old version number (Don't delete anything that has the new version number or that doesn't have a version number), then restart firefox. It should give you the current version now.
I actually meant to ask whether you see this in about:addons only or on mozilla.org/plugincheck

Thanks!
(In reply to Schalk Neethling [:espressive] from comment #15)
> Does this problem occur on about:plugins only or, do you also see this on
> mozilla.org/plugincheck

The problem also occured in mozilla.org/plugincheck, sorry I forgot to mention it.

I'd like to add that this bug almost prevented me from looking for an update for the flash player because about:plugins claimed that there was no update available. I accidentally saw that there was an update when I ran apt-get upgrade on Ubuntu on a different machine.
Assignee: nobody → schalk.neethling.bugs
I am going to dupe this to https://bugzilla.mozilla.org/show_bug.cgi?id=1183600 as the problem is very similar in nature. Please continue any continued issues there. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
This is still an issue on fedora with firefox 52.0.2, I had to delete pluginreg.dat to update the flash version.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: