Closed Bug 1190630 Opened 9 years ago Closed 9 years ago

Please block plugin due to vulnerability

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Type: defect
Priority: Not set
Severity: major

RESOLVED FIXED
2015-08

People

(Reporter: psirt, Assigned: jorgev)

Details

(Whiteboard: [qa-])

Please block:
Extension: odtffplugin.xpi
Name: IBM Endpoint Manager for Remote Control - Firefox Plugin
ID: odtffplugin@ibm.com
Vulnerable versions:
Min: 9.0.1.1
Max: 9.0.1.100

Thanks
Lisa
IBM PSIRT Operations

Hello Lisa,

Can you give me more details about this block, like:
* Is this an internal add-on that you use?
* Are there updates available that aren't vulnerable?
* What is the vulnerability?

I might also need to use your contact address (psirt@) to verify your identity. Is that okay?
Assignee: nobody → jorge
Status: UNCONFIRMED → NEW
Ever confirmed: true

Hi
I am reaching out to the development team to find out the information you need.

Can you explain what you need from me to verify my identity?

Thanks
Lisa

(In reply to IBM PSIRT from comment #2)
> I am reaching out to the development team to find out the information you
> need.

Thanks.

> Can you explain what you need from me to verify my identity?

I sent an email just now in order to verify your registered email address.

Hi Jorge,
Here are the answers to your questions:
1) Is this an internal add-on that you use?
    No, the add-on is shipped as part of IBM Endpoint Manager for Remote Control. It is also used by an IBM cloud service called IBM Assist On-site. In the case of the Endpoint Manager application, it is used by IBM customers for remote control with their customers, so the add-on can be installed on computers belonging to organizations or individuals who have no relationship with IBM.

2) Are there updates available that aren't vulnerable?
    Yes, fixed versions of the plugin were shipped with IBM Endpoint Manager for Remote Control fix packs (IF0008) released July 30th. Version 9.0.1.0803 and version 9.1.0.0804.
    Assist On-site will be updated during a maintenance window next week (AOS uses version 9.1.1.0049).

3) What is the vulnerability?
    IBM Remote Control on demand plugin could leave a machine vulnerable to running untrusted code.

The block has been added: https://addons.mozilla.org/en-US/firefox/blocked/i982
Group: client-services-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Product: addons.mozilla.org → Toolkit