Closed Bug 1275307 Opened 8 years ago Closed 8 years ago

Plugin block request: Adobe Flash player versions 21.0.0.226, 18.0.0.343, 11.2.202.616 and earlier

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

RESOLVED FIXED

People

(Reporter: kjozwiak, Assigned: eviljeff)


Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Please refer to APSA16-02 for additional details.

https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Assignee: nobody → awilliamson
Downloaded the available flash versions from the following location:
* https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html

Windows 10 x64 VM: PASSED
=========================

File: NPSWF32_21_0_0_213.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
Version: 21.0.0.213
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 21.0 r0
* build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-25-06-37-10-mozilla-central/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that you can only select "Ask to Activate" and "Never Activate"
* ensured "Update Now" is correctly pointing to: /firefox/blocked/p923

File: NPSWF32_18_0_0_343.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_343.dll
Version: 18.0.0.343
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
* build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-24-00-40-15-mozilla-aurora/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that you can only select "Ask to Activate" and "Never Activate"
* ensured "Update Now" is correctly pointing to: /firefox/blocked/p922

File: NPSWF32_21_0_0_242.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
Version: 21.0.0.242
State: Enabled
Shockwave Flash 21.0 r0
* build used: https://archive.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that you can only select "Always Activate"

File: NPSWF32_18_0_0_352.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_352.dll
Version: 18.0.0.352
State: Enabled
Shockwave Flash 18.0 r0
* build used: https://archive.mozilla.org/pub/firefox/releases/47.0b8/win32/en-US/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that you can only select "Always Activate"

Ubuntu 14.04.4 x64 VM: PASSED
=============================

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 11.2.202.616
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 11.2 r202
* build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-26-03-02-23-mozilla-central/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that you can only select "Ask to Activate" and "Never Activate"
* ensured "Update Now" is correctly pointing to: /firefox/blocked/p921

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 11.2.202.621
State: Enabled
Shockwave Flash 11.2 r202
* build used: http://archive.mozilla.org/pub/firefox/releases/46.0.1/linux-x86_64/en-US/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that you can only select "Always Activate"

OSX 10.11.5 x64 VM: PASSED
===========================

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 21.0.0.213
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 21.0 r0
* build used: https://archive.mozilla.org/pub/firefox/releases/47.0b8/mac/en-US/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that you can only select "Ask to Activate" and "Never Activate"
* ensured "Update Now" is correctly pointing to: /firefox/blocked/p923

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 18.0.0.343
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
* build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-26-08-25-06-mozilla-central/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that you can only select "Ask to Activate" and "Never Activate"
* ensured "Update Now" is correctly pointing to: /firefox/blocked/p922

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 18.0.0.352
State: Enabled
Shockwave Flash 18.0 r0
* build used: https://archive.mozilla.org/pub/firefox/releases/46.0.1/mac/en-US/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that you can only select "Always Activate"

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 21.0.0.242
State: Enabled
Shockwave Flash 21.0 r0
* build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-26-00-40-16-mozilla-aurora/
* browser console: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that you can only select "Always Activate"
Flags: needinfo?(kjozwiak)
Blocks are live:

Flash Player Plugin on Linux 11.2.202.577 to 11.2.202.616 (click-to-play)
https://addons.mozilla.org/en-US/firefox/blocked/p1224

Flash Player Plugin 18.0.0.333 to 18.0.0.343 (click-to-play)
https://addons.mozilla.org/en-US/firefox/blocked/p1225

Flash Player Plugin 21.0.0.197 to 21.0.0.226 (click-to-play)
https://addons.mozilla.org/en-US/firefox/blocked/p1226
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
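
The three ranges from the "Blocks are live" comment, checked against the versions exercised in the QA comment. This is an added example, not Firefox's blocklist code: it uses a plain numeric dotted-version comparison, and `FLASH_BLOCKS`, `compareVersions` and `blocklistState` are hypothetical names.

```javascript
// State values as seen in the QA console output ("changed from 0 to 4").
const STATE_NOT_BLOCKED = 0;
const STATE_VULNERABLE_UPDATE_AVAILABLE = 4;

// Inclusive click-to-play ranges copied from the "Blocks are live" comment.
const FLASH_BLOCKS = [
  { id: "p1224", min: "11.2.202.577", max: "11.2.202.616" }, // listed as Linux
  { id: "p1225", min: "18.0.0.333", max: "18.0.0.343" },
  { id: "p1226", min: "21.0.0.197", max: "21.0.0.226" },
];

// Strict parse: file-name forms such as "21_0_0_213" are rejected, not guessed.
function parseVersion(v) {
  const parts = String(v).trim().split(".");
  if (!parts.every((p) => /^\d+$/.test(p))) {
    throw new TypeError("not a dotted numeric version: " + v);
  }
  return parts.map(Number);
}

// Component-wise numeric compare; missing components count as 0.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Returns the state and the matching block id, or state 0 when no range matches.
// State 0 only means "outside these three ranges": versions below a range's
// minimum are not matched here, and any older entries are not shown on this page.
function blocklistState(version, blocks = FLASH_BLOCKS) {
  const hit = blocks.find(
    (b) => compareVersions(version, b.min) >= 0 &&
           compareVersions(version, b.max) <= 0
  );
  return hit
    ? { state: STATE_VULNERABLE_UPDATE_AVAILABLE, block: hit.id }
    : { state: STATE_NOT_BLOCKED, block: null };
}

// Versions taken from the QA comment above.
for (const v of ["21.0.0.213", "18.0.0.343", "11.2.202.616",
                 "21.0.0.242", "18.0.0.352", "11.2.202.621"]) {
  console.log(v, blocklistState(v));
}
```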
Many of us are still having problems with this. We do not think this has been resolved, or fixed. Please e-mail me for examples, and screenshots of the problem. blckwidow@gmail.com Thank you for your time.
> We do not think this has been resolved, or fixed. 

What's the issue that you're having? This particular bug didn't really fix anything other than block a known vulnerable version of Flash. If a user was running either 21_0_0_213 or 18_0_0_343, they would receive a warning message in FX letting them know that they should update their versions of Flash as the one they're using is vulnerable.

> Please e-mail me for examples, and screenshots of the problem

If you're having issues, just create a new bug under Toolkit:Blocklisting :)