Closed
Bug 1286972
Opened 8 years ago
Closed 8 years ago
Plugin block request: Adobe Reader 15.016.20045, 15.006.30174, 11.0.16
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: guigs, Assigned: jorgev, NeedInfo)
References
Details
(Whiteboard: [plugin])
Plugin name: Plugin versions to block: Applications, versions, and platforms affected: Block severity: (hard/soft) How does this plugin appear in about:plugins? File: AdobePDFViewerNPAPI.plugin, File: Version: 15.016.20045, 15.016.20039, 15.016.20039.54196, 15.016.20039, 11.0.16 Description: Homepage and other references and contact info: https://helpx.adobe.com/security/products/acrobat/apsb16-26.html
Assignee | ||
Comment 1•8 years ago
|
||
Can someone confirm if the Adobe Reader plugin on Windows still uses this file: nppdf32.dll?
Assignee: nobody → jorge
Flags: needinfo?(rmcguigan)
Flags: needinfo?(kjozwiak)
Assignee | ||
Updated•8 years ago
|
Component: Security → Blocklisting
Product: addons.mozilla.org → Toolkit
Comment 2•8 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #1) > Can someone confirm if the Adobe Reader plugin on Windows still uses this > file: nppdf32.dll? Windows 10 x64 VM: ================== * installed Adobe Reader 2015.017.20050 * using fx50.0a1, buildId: 20160720030208, changeset: ed8e23b5e0c7 File: nppdf32.dll Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll Version: 15.17.20050.61080 State: Enabled Adobe PDF Plug-In For Firefox and Netscape 15.17.20050 Windows 8.1 x64 VM: ==================== * installed Adobe Reader 2015.017.20050 * using fx50.0a1, buildId: 20160720030208, changeset: ed8e23b5e0c7 File: nppdf32.dll Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll Version: 15.17.20050.61080 State: Enabled Adobe PDF Plug-In For Firefox and Netscape 15.17.20050 Windows 7 x64 VM: ================== * installed Adobe Reader 2015.017.20050 * using fx50.0a1, buildId: 20160720030208, changeset: ed8e23b5e0c7 File: nppdf32.dll Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll Version: 15.17.20050.61080 State: Enabled Adobe PDF Plug-In For Firefox and Netscape 15.17.20050
Flags: needinfo?(kjozwiak)
Assignee | ||
Comment 3•8 years ago
|
||
Thanks. This block is now live: https://addons.mozilla.org/blocked/p1246
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(rmcguigan)
Resolution: --- → FIXED
Comment 4•8 years ago
|
||
I've had reports of users using Adobe Reader 11.0.17 being hit by, I think, this block. Adobe Reader 11.0.17 is the latest in the Adobe Reader XI branch and is still under security support. I don't believe it should be blocked: can this be fixed, please?
Comment 5•8 years ago
|
||
We have also a lot of complaints that 11.0.17 is now blocked. Adobe Reader 11 is still supported until October 2017 and is probably the main version used in enterprise environments. This version should definitely not be blocked.
11.0.17 is now blocked for me, too. Please update blocklist.xml as soon as possible.
Comment 7•8 years ago
|
||
I note that bug 1288374 has been raised specifically asking for 11.0.17 to be considered safe.
Assignee | ||
Comment 9•8 years ago
|
||
Sorry about that. I've split the block in two now: Adobe Reader 12 to 15.016.20045 https://addons.mozilla.org/blocked/p1247 Adobe Reader 10.1.6 to 11.0.16 https://addons.mozilla.org/blocked/p1246
Comment 10•8 years ago
|
||
i think the block may have to be further split up since there is also a classic track of the acrobat plugin which still receives updates - this is how the updated version of the classic track shows up under about:plugins: Adobe Acrobat File: nppdf32.dll,nppdf32.dll Path: C:\Program Files (x86)\Adobe\Acrobat Reader 2015\Reader\browser\nppdf32.dll,C:\Program Files (x86)\Adobe\Acrobat Reader 2015\Reader\AIR\nppdf32.dll Version: 15.6.30198.61077 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Adobe PDF Plug-In For Firefox and Netscape 15.6.30198
Flags: needinfo?(jorge)
Assignee | ||
Comment 11•8 years ago
|
||
Ugh, that's confusing. And this versioning system doesn't help at all... http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/whatsnewdc.html#dc-versioning
Flags: needinfo?(jorge)
Assignee | ||
Comment 12•8 years ago
|
||
I just blocked the latest affected versions, since now I don't know if normal version ranges apply to their versioning system. Adobe Reader (Continuous) 15.016.20045 https://addons.mozilla.org/blocked/p1250 Adobe Reader (Classic) 15.006.30174 https://addons.mozilla.org/blocked/p1247 Please ni :eviljeff if more updates are needed here. I'll be unavailable in the coming days.
Comment 13•8 years ago
|
||
We're getting the blocked message on Adobe Acrobat DC Pro version 2015.006.30198 . Reader and Acrobat X and below are EOL. There's Reader XI and Reader XI MUI. There's Acrobat XI (Pro and Standard). All of these should have the same version number. 11.0.17 is the latest. I have no idea if the plugin is the same across all three. There's Adobe Acrobat Reader MUI DC Classic, Adobe Acrobat Reader DC Continuous, and Adobe Acrobat Reader MUI DC Continuous. There's Adobe Acrobat DC (Pro and Standard) Classic, and Adobe Acrobat DC (Pro and Standard) Continuous. All of the "Continuous" track builds should have the same version number. 2015.017.20050 (or 15.017.20050 depending on where you look) is the latest. I have no idea if the plugin is the same across all three. All of the "Classic" track builds should have the same version number. 2015.006.30198 (or 15.006.30198 depending on where you look) is the latest. I have no idea if the plugin is the same across both. 2015 is the the release year for the product line itself. The "DC" line was released in 2015 and may or may not be replaced by a "2016" or "2017" version of the product that may or may not also be branded "DC". It's dumb. The second tuple (017 and 006) is part of a version number. The first 2 digits of the third tuple denote the "Classic" track or the "Continuous" track. 30 = Classic, 20 = Continuous. You must consider these two "tracks" separately, as they are not updated at the same time or with the same changes. The last 3 digits of the third tuple are also part of a version number. There is a fourth tuple that is not normally exposed, but I've never seen 2 different instances of this number for the same a.b.c version. Adobe's own documentation is a mess, inconsistent, and contradictory. After managing a dozen different versions of their products, I've submitted many error reports regarding their documentation to them. They do not care. Two examples relating to their versioning scheme for the "DC" line: "In it's generic form, the version number will appear as major.minor.minor_minor." This is clearly untrue based on the whole classic/continuous **** being prepended to the third tuple, and the hidden fourth tuple. If the second tuple of the two tracks happened to line up (and we can't be guaranteed that they won't) then the third tuple cannot be treated as a simple "minor_minor" number for comparison sake. You must take into account the two separate tracks and must parse the first 2 digits of the third tuple as the second step (the first being identifying the product line itself by the first tuple). The third step would be to look at the second tuple, and the fourth step would be to look at the last 3 digits of the third tuple. "The year-based version number is not the same as the Classic track name. While the Classic track version begins with 15 and the current track version is 2015, the track name only changes at each major release–not every year. The version number increments every year." Depending on where you look, the reported version begins with "2015." or "15.". The version number is not year-based in either case, as these releases came in 2016. I don't know what "current track" refers to, but I assume they're trying to say that 2015 (or 15) doesn't mean the version was built that year. This is true, but is directly conflicting with their previous statement. Of course, they go one to say that the version number increments every year. It doesn't. Bottom line - you should treat these version numbers as follows: If you have 15.b.c.d or 2015.b.c.d or 15.b.c or 2015.b.c Change it to 15.LEFT(c,2).b.RIGHT(c,3) Then you can compare like any sane version number.
Comment 14•8 years ago
|
||
can you confirm Adobe Acrobat DC Pro version 2015.006.30198 (15.006.30198) is still incorrectly blocked? - the blocklist has caching so you might have been getting the previous overly wider blocks.
Flags: needinfo?(bw_bloodletter)
Comment 15•8 years ago
|
||
Adobe Acrobat Plugin 11.0.17 is still being blocked when displaying pdfs in a browser window. The Plugin Check page is also showing it as "outdated". -Joel
Comment 16•8 years ago
|
||
(In reply to Andrew Williamson [:eviljeff] from comment #14) > can you confirm Adobe Acrobat DC Pro version 2015.006.30198 (15.006.30198) > is still incorrectly blocked? - the blocklist has caching so you might have > been getting the previous overly wider blocks. I can confirm that it's still being blocked after closing Firefox and reopening. Is there a specific way to clear the blocklist cache?
Comment 17•8 years ago
|
||
(In reply to Anon from comment #16) > (In reply to Andrew Williamson [:eviljeff] from comment #14) > > can you confirm Adobe Acrobat DC Pro version 2015.006.30198 (15.006.30198) > > is still incorrectly blocked? - the blocklist has caching so you might have > > been getting the previous overly wider blocks. > > I can confirm that it's still being blocked after closing Firefox and > reopening. > Is there a specific way to clear the blocklist cache? https://wiki.mozilla.org/Blocklisting/Testing#Forcing_a_Blocklist_Ping describes a way but it's not straightforward so I didn't want to suggest it. We're attempting to replicate the issue ourselves.
Assignee | ||
Comment 18•8 years ago
|
||
It would also help if you try the following steps: 1) Close Firefox 2) Located your profile folder: https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data 3) Delete the file named pluginreg.dat 4) Start Firefox again The block should disappear (if you're using an up to date version), and shouldn't show up again. Let us know if this works or not.
Comment 19•8 years ago
|
||
I checked yesterday afternoon and the block was gone. I didn't do anything to clear the cache.
Comment 20•7 years ago
|
||
This is now being blocked again for me. It was work/quit working/started working again and today it is no longer working. I use the Adobe Create PDF all the time and really would appreciate if Mozilla left this alone or allowed a user option to override.
You need to log in
before you can comment on or make changes to this bug.
Description
•