Closed Bug 1254728 Opened 10 years ago Closed 8 years ago

Plugin block request: Adobe Reader version 11.0.14, 15.010.20059, 15.006.30119 and earlier versions

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Not set
normal

RESOLVED WORKSFORME

People

(Reporter: guigs, Assigned: eviljeff)

Details

(Whiteboard: [plugin])

Attachments

(2 files)

Plugin name: Acrobat Reader, Reader DC, Acrobat
Plugin versions to block: 11.0.14, 15.010.20059, 15.006.30119 and earlier versions
Applications, versions, and platforms affected: Windows and Mac
Block severity: (soft)
How does this plugin appear in about:plugins?
File: AdobePDFViewerNPAPI.plugin or nppdf32.dll,nppdf32.dll
Version: 15.010.20059
Description: Adobe® Acrobat® Plug-in for Web Browsers, Version 15.010.20059 or PDF Plug-In For Firefox and Netscape
Homepage and other references and contact info:
Reasons: https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Do the different branches/tracks have different filenames?
Assignee: nobody → awilliamson
Flags: needinfo?(rmcguigan)
Attached image 2016-03-09_1555.png
DC looks like this
Flags: needinfo?(rmcguigan)
Attached image 2016-03-09_1627.png
DC is not available for mac, but X1 I added here and it is a different file path.
:kjoz, can you assist in getting some more detail on the plugin differences between the Continuous, Classic and XI/Desktop branches? Without some differentiation in filename or path, if we block from 0 to 15.010.20059 then we'll block everything, including the next version to 15.006.30119 and 11.0.14.
Flags: needinfo?(kjozwiak)
We are running into this as well with the plugin check page. Continuous for windows is 15.10.20056.36345 so blocking 15.10.20060 makes everything look vulnerable.
(In reply to Andrew Williamson [:eviljeff] from comment #4)
> :kjoz, can you assist in getting some more detail on the plugin differences
> between the Continuous, Classic and XI/Desktop branches?
>
> Without some differentiation in filename or path, if we block from 0 to
> 15.010.20059 then we'll block everything, including the next version to
> 15.006.30119 and 11.0.14.

I'll try taking a look sometime this week.
(In reply to Andrew Williamson [:eviljeff] from comment #4)
> :kjoz, can you assist in getting some more detail on the plugin differences
> between the Continuous, Classic and XI/Desktop branches?
>
> Without some differentiation in filename or path, if we block from 0 to
> 15.010.20059 then we'll block everything, including the next version to
> 15.006.30119 and 11.0.14.

I started looking at the Adobe documentation [1] that's available to see if I can find the download links to the different versions and see how they differentiate in FX. It looks like some of the versions of Acrobat/Reader will need some type of licensing (not 100% sure if they include a trial).

Andrew, what information does your team need for the blocklist? A list of files/version #'s and correct paths for each platform? I believe we have several contacts at Adobe that we can use to get all this information. Would that be helpful? Let me know what you think!

[1] http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/whatsnewdc.html
Flags: needinfo?(kjozwiak) → needinfo?(awilliamson)
(In reply to Kamil Jozwiak [:kjozwiak] from comment #7)
> Andrew, what information does your team need for the blocklist? A list of
> files/version #'s and correct paths for each platform? I believe we have
> several contacts at Adobe that we can use to get all this information. Would
> that be helpful?

A list of files/version #'s might be useful. Typically the match against a plugin version would be on some combination of the name, the filename, or the min/max versions.

e.g. filename: AdobePDFViewerNPAPI.plugin, min-version: 0, max-version: 15.010.20059, name: ? - if the 'name' is different between branches then we can block up to 15.010.20059 on continuous and up to 15.006.30119 on classic.

If the next version of both continuous and classic is going to be 15.010.20060 or above we're in the clear (we'd block from 15.0 to 15.010.20059 for DC and deal with XI/Desktop as 0 to 11)
Flags: needinfo?(awilliamson)
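Added example, not part of the bug thread and not Mozilla's blocklist code: a sketch of the filename/name/min-max match described in the comment above, showing why a single 0 to 15.010.20059 range also catches the next Classic and XI releases and how a per-branch `name` match would avoid that. The version comparison is a simplified numeric one, and the branch names and the "next release" version numbers are constructed assumptions.

```javascript
// Added example. Simplified numeric comparison of dotted versions; this is
// not Firefox's own version comparator. "010" and "10" compare equal here.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return Math.sign(diff);
  }
  return 0;
}

// An entry matches when every field it sets matches the installed plugin.
function isBlocked(plugin, entries) {
  return entries.some((e) =>
    (e.filename === undefined || e.filename === plugin.filename) &&
    (e.name === undefined || plugin.name.includes(e.name)) &&
    compareVersions(plugin.version, e.minVersion) >= 0 &&
    compareVersions(plugin.version, e.maxVersion) <= 0);
}

// One range across all branches, as in "block from 0 to 15.010.20059".
const singleRange = [
  { filename: "nppdf32.dll", minVersion: "0", maxVersion: "15.010.20059" },
];

// One range per branch. The branch markers in `name` are hypothetical.
const perBranch = [
  { filename: "nppdf32.dll", name: "Continuous", minVersion: "0", maxVersion: "15.010.20059" },
  { filename: "nppdf32.dll", name: "Classic", minVersion: "0", maxVersion: "15.006.30119" },
  { filename: "nppdf32.dll", name: "XI", minVersion: "0", maxVersion: "11.0.14" },
];

// Constructed installs; the higher version in each pair stands in for that branch's next release.
const installs = [
  { filename: "nppdf32.dll", name: "Reader Continuous", version: "15.010.20059" },
  { filename: "nppdf32.dll", name: "Reader Continuous", version: "15.010.20060" },
  { filename: "nppdf32.dll", name: "Reader Classic", version: "15.006.30119" },
  { filename: "nppdf32.dll", name: "Reader Classic", version: "15.006.30120" },
  { filename: "nppdf32.dll", name: "Reader XI", version: "11.0.14" },
  { filename: "nppdf32.dll", name: "Reader XI", version: "11.0.15" },
];

function blockedVersions(entries) {
  return installs.filter((p) => isBlocked(p, entries)).map((p) => p.version);
}
console.log("single range:", blockedVersions(singleRange).join(", "));
console.log("per branch:  ", blockedVersions(perBranch).join(", "));
```

With the single range, the constructed follow-up releases 15.006.30120 and 11.0.15 are still blocked; with per-branch entries only the three versions named in the request are.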
This should already be covered by existing blocks.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME