Closed
Bug 1263476
Opened 8 years ago
Closed 8 years ago
Plugin block request: Flash Player 21.0.0.197, 18.0.0.333, 11.2.202.577 and earlier
Categories
(Toolkit :: Blocklist Policy Requests, defect)
RESOLVED
FIXED
People
(Reporter: philipp, Assigned: eviljeff)
Details
(Whiteboard: [plugin])
Plugin name: Adobe Flash Player
Plugin versions to block: 21.0.0.197, 18.0.0.333, 11.2.202.577 and earlier
Applications, versions, and platforms affected: Windows
Block severity:
How does this plugin appear in about:plugins?
File: NPSWF32_21_0_0_197.dll/NPSWF64_21_0_0_197.dll
Version: 21.0.0.197
Description: Shockwave Flash 21.0 r0
Homepage and other references and contact info: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Reasons: According to Kaspersky the zero-day that got fixed hastily last week is already "aggressively distributed in two exploit kits" and used to infect victims with cryptolocker ransomware.
https://threatpost.com/latest-flash-zero-day-being-used-to-push-ransomware/117248/
Updated • 8 years ago (Assignee)
Assignee: nobody → awilliamson
Comment 1 • 8 years ago (Assignee)
https://addons-dev.allizom.org/en-US/firefox/blocked/p817
https://addons-dev.allizom.org/en-US/firefox/blocked/p819
https://addons-dev.allizom.org/en-US/firefox/blocked/p819
blocks staged, test please.
Flags: needinfo?(kjozwiak)
Comment 2 • 8 years ago
Andrew, I'm on PTO this week and won't be able to get to this until Tuesday April 19th. If this can't wait till then, maybe you can ping the SV team and see if they can go through the blocklist using the wiki [1]. They can also take a look at an older bug [2] if they need an example. If this can wait till Tuesday April 19th, I'll handle it :)
[1] https://wiki.mozilla.org/Blocklisting/Testing
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1235435
Comment 3 • 8 years ago
I can confirm for p817, but couldn't get a working Linux setup to test this :| Maybe Matt can continue here?
Flags: needinfo?(mwobensmith)
Comment 4 • 8 years ago (Assignee)
the second block was supposed to be: https://addons-dev.allizom.org/en-US/firefox/blocked/p818
Comment 5 • 8 years ago
I think the SV team is on board to test this in Kamil's absence, as per comment 2. Florin, do you know who might have the ability to do this?
Flags: needinfo?(mwobensmith) → needinfo?(florin.mezei)
Comment 6 • 8 years ago
Setting ni? to Andrei so we can get someone on this tomorrow morning.
Flags: needinfo?(florin.mezei) → needinfo?(andrei.vaida)
Comment 7 • 8 years ago
I've managed to complete the requested testing on the following environments:

Windows 10x86
-------------
21.0.0.197
File: NPSWF32_21_0_0_197.dll
Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll
Version: 21.0.0.197
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 21.0 r0
-> Checked Logging: Blocklist state for Shockwave Flash changed from 0 to 4
-> Correctly being pointed towards: /blocked/p817
-> Ensured you cannot select "always active" under about:addons
-> Build used: 48.0a1 Nightly, buildID 20160412050029.

18.0.0.333
File: NPSWF32_18_0_0_333.dll
Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_333.dll
Version: 18.0.0.333
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Checked Logging: Blocklist state for Shockwave Flash changed from 0 to 4
-> Correctly being pointed towards: /blocked/p818
-> Ensured you cannot select "always active" under about:addons
-> Build used: 46.0b10, buildID 20160411042519.

Ubuntu 14.04 x64
----------------
11.2.202.554
File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 11.2.202.577
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 11.2 r202
-> Checked Logging: Blocklist state for Shockwave Flash changed from 0 to 4
-> Correctly being pointed towards: /blocked/p819
-> Ensured you cannot select "always active" under about:addons
-> Build used: 46.0b10, buildID 20160411042519.

MAC OS X 10.10.5
----------------
21.0.0.197
File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 21.0.0.197
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 21.0 r0
-> Checked Logging: Blocklist state for Shockwave Flash changed from 0 to 4
-> Correctly being pointed towards: /blocked/p817
-> Ensured you cannot select "always active" under about:addons
-> Build used: Fx 45.0.2, buildID 20160407164938.

18.0.0.333
File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 18.0.0.333
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Checked Logging: Blocklist state for Shockwave Flash changed from 0 to 4
-> Correctly being pointed towards: /blocked/p818
-> Ensured you cannot select "always active" under about:addons
-> Build used: 48.0a1 Nightly, buildID 20160413030239.
Flags: needinfo?(kjozwiak)
Flags: needinfo?(andrei.vaida)
Comment 8 • 8 years ago (Assignee)
Blocks are live:
Flash Player Plugin 20.0.0.306 to 21.0.0.197 (click-to-play)
https://addons.mozilla.org/blocked/p1148
Flash Player Plugin 18.0.0.329 to 18.0.0.333 (click-to-play)
https://addons.mozilla.org/blocked/p1149
Flash Player Plugin on Linux 11.2.202.569 to 11.2.202.577 (click-to-play)
https://addons.mozilla.org/blocked/p1150
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED