Closed Bug 1302525 Opened 9 years ago Closed 9 years ago

Plugin block request: Adobe Flash Player 22.0.0.209, 22.0.0.211 and earlier, 18.0.0.366 and earlier

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: guigs, Assigned: eviljeff)

References

Details

(Whiteboard: [plugin])

Plugin name: Flash Player.plugin Plugin versions to block: 22.0.0.209, 22.0.0.211 and earlier, 18.0.0.366 and earlier, 11.2.202.632 and earlier Applications, versions, and platforms affected: Block severity: (hard How does this plugin appear in about:plugins? File: Version: Description: File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 22.0.0.209 State: Enabled Shockwave Flash 22.0 r0 File: NPSWF32_22_0_0_209.dll Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll Version: 22.0.0.209 State: Enabled Shockwave Flash 22.0 r0 File: NPSWF32_22_0_0_209.dll Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll Version: 22.0.0.209 State: Enabled Shockwave Flash 22.0 r0 File: NPSWF32_22_0_0_211.dll Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_211.dll Version: 22.0.0.211 State: Enabled Shockwave Flash 22.0 r0 (don't have linux sorry) Homepage and other references and contact info: https://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Summary: Plugin block request: <plugin name> → Plugin block request: Adobe Flash Player 22.0.0.209, 22.0.0.211 and earlier, 18.0.0.366 and earlier
Does anyone know if Adobe Flash is still tracking blocklist in Firefox?
(In reply to rmcguigan from comment #1) > Does anyone know if Adobe Flash is still tracking blocklist in Firefox? If you're asking whether this blocklist request is still relevant, the answer is yes. It should be handled soon.
Assignee: nobody → awilliamson
Hello Andrew, based on the top crasher on Aurora50 since a week, it seems most of the crashes are coming from the latest version 23.0.0.162. See http://bit.ly/2d1rghh for crash info. Is there a possibility we can block that version too?
Flags: needinfo?(awilliamson)
(In reply to Ritu Kothari (:ritu) from comment #4) > Hello Andrew, based on the top crasher on Aurora50 since a week, it seems > most of the crashes are coming from the latest version 23.0.0.162. See > http://bit.ly/2d1rghh for crash info. > > Is there a possibility we can block that version too? can you file a separate bug for it? (we can... though blocking a release version of Flash is a contentious issue)
Flags: needinfo?(awilliamson)
Everything looks like it's working correctly. However, the Flash Extended Support Release (18.0.0.366) is currently pointing to /blocked/p940/ [1] which is currently displaying "Flash Player Plugin 13.0.0.296 to 13.0.0.301 (click-to-play) has been blocked for your protection." Is the new p940 link replacing the current [1] one with the new range that will include the version that's being blocked in this bug? [1] https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p940 Windows 10 x64 VM: PASSED ========================= File: NPSWF32_22_0_0_209.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_22_0_0_209.dll Version: 22.0.0.209 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 22.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-00-40-04-mozilla-aurora/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p941 * esnured that "Always Active" is disabled * ensured flash is correctly being blocked File: NPSWF32_18_0_0_366.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_18_0_0_366.dll Version: 18.0.0.366 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-03-04-29-mozilla-central/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p940 * esnured that "Always Active" is disabled * ensured flash is correctly being blocked File: NPSWF32_23_0_0_162.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll Version: 23.0.0.162 State: Enabled Shockwave Flash 23.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/48.0.2/win32/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * esnured that "Always Active" enabled File: NPSWF32_18_0_0_375.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_18_0_0_375.dll Version: 18.0.0.375 State: Enabled Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/candidates/49.0-candidates/build4/win32/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * esnured that "Always Active" enabled OSX 10.11.6 x64: PASSED ======================= File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 22.0.0.209 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 22.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/48.0.2/mac/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p941 * esnured that "Always Active" is disabled * ensured flash is correctly being blocked File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 18.0.0.366 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-00-40-04-mozilla-aurora/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p940 * esnured that "Always Active" is disabled * ensured flash is correctly being blocked File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 23.0.0.162 State: Enabled Shockwave Flash 23.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-03-04-29-mozilla-central/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * esnured that "Always Active" enabled File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 18.0.0.375 State: Enabled Shockwave Flash 18.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-03-04-29-mozilla-central/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * esnured that "Always Active" enabled Ubuntu 16.04.1 LTS VM x64: PASSED ================================= File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.632 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 11.2 r202 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-03-04-29-mozilla-central/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p939 * esnured that "Always Active" is disabled * ensured flash is correctly being blocked File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.635 State: Enabled Shockwave Flash 11.2 r202 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/09/2016-09-20-00-40-04-mozilla-aurora/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * esnured that "Always Active" enabled
Flags: needinfo?(kjozwiak) → needinfo?(awilliamson)
18.0.0.366 block is pointing to a url on production AMO? https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p940 *not* something on the -dev blocklist? (that they're both p940 is entirely coincidental - the production blocklist has more entries because of bulk certificate blocks that we don't manually test so the numbers when live are likely to be p1272-4)
Flags: needinfo?(awilliamson) → needinfo?(kjozwiak)
> 18.0.0.366 block is pointing to a url on production AMO? > https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p940 *not* > something on the -dev blocklist? I went through the blocks against 18.0.0.366 and ensured that the links were pointing to the blocklist-dev url [1]. Clicking on "Update Now" under about:addons will correctly open the url in a new tab and display "Flash Player Plugin 18.0.0.360 to 18.0.0.366 (click-to-play) has been blocked for your protection.". [1] https://blocklist-dev.allizom.org/en-US/firefox/blocked/p940 Platforms checked: * Win 10 x64 - PASSED ** build: fx52.0a1, buildId: 20160921030221, changeset: e2d2897e4a74 * OSX 10.11.6 x64 - PASSED ** build: fx51.0a2, buildId: 20160921004005, changeset: 9f757cfe0d33 > (that they're both p940 is entirely coincidental - the production blocklist > has more entries because of bulk certificate blocks that we don't manually > test so the numbers when live are likely to be p1272-4) Sounds great! I wasn't too sure if this would cause conflicts once it was pushed into production. Apologies for the red flag.
Flags: needinfo?(kjozwiak)
You need to log in before you can comment on or make changes to this bug.