Closed
Bug 1275307
Opened 8 years ago
Closed 8 years ago
Plugin block request: Adobe Flash player versions 21.0.0.226, 18.0.0.343, 11.2.202.616 and earlier
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: kjozwiak, Assigned: eviljeff)
References
()
Details
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Please refer to APSA16-02 for additional details. https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Updated•8 years ago
|
Assignee: nobody → awilliamson
Assignee | ||
Comment 1•8 years ago
|
||
https://addons-dev.allizom.org/en-US/firefox/blocked/p921 https://addons-dev.allizom.org/en-US/firefox/blocked/p922 https://addons-dev.allizom.org/en-US/firefox/blocked/p923 blocks staged, test please
Flags: needinfo?(kjozwiak)
Reporter | ||
Comment 2•8 years ago
|
||
Downloaded the available flash versions from the following location: * https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html Windows 10 x64 VM: PASSED ========================= File: NPSWF32_21_0_0_213.dll Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll Version: 21.0.0.213 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 21.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-25-06-37-10-mozilla-central/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that you can only select "Ask to Activate" and "Never Activate" * ensured "Update Now" is correctly pointingt to: /firefox/blocked/p923 File: NPSWF32_18_0_0_343.dll Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_343.dll Version: 18.0.0.343 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-24-00-40-15-mozilla-aurora/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that you can only select "Ask to Activate" and "Never Activate" * ensured "Update Now" is correctly pointingt to: /firefox/blocked/p922 File: NPSWF32_21_0_0_242.dll Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll Version: 21.0.0.242 State: Enabled Shockwave Flash 21.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that you can only select "Always Activate" File: NPSWF32_18_0_0_352.dll Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_352.dll Version: 18.0.0.352 State: Enabled Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/47.0b8/win32/en-US/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that you can only select "Always Activate" Ubuntu 14.04.4 x64 VM: PASSED ============================= File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.616 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 11.2 r202 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-26-03-02-23-mozilla-central/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that you can only select "Ask to Activate" and "Never Activate" * ensured "Update Now" is correctly pointingt to: /firefox/blocked/p921 File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.621 State: Enabled Shockwave Flash 11.2 r202 * build used: http://archive.mozilla.org/pub/firefox/releases/46.0.1/linux-x86_64/en-US/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that you can only select "Always Activate" OSX 10.11.5 x64 VM: PASSED =========================== File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 21.0.0.213 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 21.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/47.0b8/mac/en-US/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that you can only select "Ask to Activate" and "Never Activate" * ensured "Update Now" is correctly pointingt to: /firefox/blocked/p923 File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 18.0.0.343 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-26-08-25-06-mozilla-central/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that you can only select "Ask to Activate" and "Never Activate" * ensured "Update Now" is correctly pointingt to: /firefox/blocked/p922 File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 18.0.0.352 State: Enabled Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/46.0.1/mac/en-US/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that you can only select "Always Activate" File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 21.0.0.242 State: Enabled Shockwave Flash 21.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/05/2016-05-26-00-40-16-mozilla-aurora/ * browser console: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that you can only select "Always Activate"
Flags: needinfo?(kjozwiak)
Assignee | ||
Comment 3•8 years ago
|
||
Blocks are live: Flash Player Plugin on Linux 11.2.202.577 to 11.2.202.616 (click-to-play) https://addons.mozilla.org/en-US/firefox/blocked/p1224 Flash Player Plugin 18.0.0.333 to 18.0.0.343 (click-to-play) https://addons.mozilla.org/en-US/firefox/blocked/p1225 Flash Player Plugin 21.0.0.197 to 21.0.0.226 (click-to-play) https://addons.mozilla.org/en-US/firefox/blocked/p1226
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 4•8 years ago
|
||
Many of us are still having problems with this. We do not think this has been resolved, or fixed. Please e-mail me for examples, and screenshots of the problem. blckwidow@gmail.com Thank you for you're time.
Reporter | ||
Comment 5•7 years ago
|
||
> We do not think this has been resolved, or fixed. What's the issue that you're having? This particular bug didn't really fix anything other than block a known vulnerable version of flash. If a user was running either 21_0_0_213 or 18_0_0_343, they would receive a warning message in FX letting them know that they should update their versions of flash as the one they're using is vulnerable. > Please e-mail me for examples, and screenshots of the problem If you're having issues, just create a new bug under Toolkit:Blocklisting :)
You need to log in
before you can comment on or make changes to this bug.
Description
•