Closed
Bug 1323300
Opened 7 years ago
Closed 7 years ago
Plugin block request: Adobe Flash Player 23.0.0.207 and earlier
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: guigs, Unassigned)
References
Details
(Whiteboard: [plugin])
Plugin name: Flash Player.plugin Plugin versions to block: 23.0.0.207 and earlier Applications, versions, and platforms affected: Mac and Windows (Linux is a p3) Block severity: (hard) How does this plugin appear in about:plugins? File: /Library/Internet Plug-Ins/Flash Player.plugin Version: 23.0.0.207 Description: Shockwave Flash 24.0 r0 Homepage and other references and contact info: https://helpx.adobe.com/security/products/flash-player/apsb16-39.html#table Reasons:P1 in Adobe release
Reporter | ||
Updated•7 years ago
|
Summary: Plugin block request: <plugin name> → Plugin block request: Adobe Flash Player 23.0.0.207 and earlier
Comment 1•7 years ago
|
||
Blocks staged: Flash Player Plugin on Linux 11.2.202.643 to 23.0.0.207 (click-to-play) https://addons-dev.allizom.org/en-US/firefox/blocked/p952 Flash Player Plugin 23.0.0.205 to 23.0.0.207 (click-to-play) https://addons-dev.allizom.org/en-US/firefox/blocked/p951 It's nice that they aligned the version numbers. However, we'll have to still add two different blocks because the Linux one needs the OS attribute in order to not apply on Android.
Flags: needinfo?(kjozwiak)
Comment 2•7 years ago
|
||
Jorge, I'm getting certificate errors whenever I attempt to ping the staged server. Did the process change or is this a legitimate problem with the staging server? It seems like the certificate that's being used on the staging server has expired on 12/06/2016 07:00 AM... Errors under the browser console: ================================== Ubuntu 16.04 x64: Blocklist::notify: Requesting https://blocklist-dev.allizom.org/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/53.0a1/Firefox/20161215061212/Linux_x86_64-gcc3/en-US/nightly/Linux%204.4.0-45-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/default/default/invalid/invalid/0/ blocklist-dev.allizom.org:443 uses an invalid security certificate. The certificate expired on 12/06/2016 07:00 AM. The current time is 12/15/2016 02:40 PM. Error code: <a id="errorCode" title="SEC_ERROR_EXPIRED_CERTIFICATE">SEC_ERROR_EXPIRED_CERTIFICATE</a> Blocklist:onError: There was an error loading the blocklist file nsIXMLHttpRequest channel unavailable Windows 10 x64: Blocklist::notify: Requesting https://blocklist-dev.allizom.org/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/53.0a1/Firefox/20161215061212/WINNT_x86-msvc/en-US/nightly/Windows_NT%2010.0/default/default/1/1/new/ blocklist-dev.allizom.org:443 uses an invalid security certificate. The certificate expired on Tuesday, December 6, 2016 7:00 AM. The current time is Thursday, December 15, 2016 2:46 PM. Error code: <a id="errorCode" title="SEC_ERROR_EXPIRED_CERTIFICATE">SEC_ERROR_EXPIRED_CERTIFICATE</a> Blocklist:onError: There was an error loading the blocklist file nsIXMLHttpRequest channel unavailable
Flags: needinfo?(kjozwiak) → needinfo?(jorge)
Comment 3•7 years ago
|
||
Stuart, do you know what that's about?
Flags: needinfo?(jorge) → needinfo?(scolville)
Comment 4•7 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #3) > Stuart, do you know what that's about? That's going to be an ops question. I think there was a problem with cert expiry last week, since we had a problem that impacted the mobile pages statics. It sounds similar.
Flags: needinfo?(scolville) → needinfo?(jthomas)
Comment 7•7 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #6) > Kamil, please try again. Looks good! Windows 10 x64 VM: PASSED ========================= File: NPSWF32_23_0_0_207.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll Version: 23.0.0.207 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 23.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/12/2016-12-16-03-02-07-mozilla-central/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p951 * ensured that "Always Active" is disabled * ensured flash is correctly being blocked File: NPSWF32_24_0_0_186.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll Version: 24.0.0.186 State: Enabled Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/50.1.0/win32/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that "Always Active" enabled OSX 10.12.2 x64: PASSED ======================= File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 23.0.0.207 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 23.0 r0 * build used: https://archive.mozilla.org/pub/firefox/candidates/51.0b8-candidates/build1/mac/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p941 * ensured that "Always Active" is disabled * ensured flash is correctly being blocked File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 24.0.0.186 State: Enabled Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2016/12/2016-12-16-10-17-50-mozilla-aurora/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that "Always Active" enabled Ubuntu 16.04.1 LTS VM x64: PASSED ================================= File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.644 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 11.2 r202 * build used: https://archive.mozilla.org/pub/firefox/releases/50.1.0/linux-x86_64/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed too firefox/blocked/p952 * ensured that "Always Active" is disabled * ensured flash is correctly being blocked File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 24.0.0.186 State: Enabled Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/candidates/51.0b8-candidates/build1/linux-x86_64/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that "Always Active" enabled
Flags: needinfo?(kjozwiak)
Comment 8•7 years ago
|
||
The blocks are now live: Flash Player Plugin 23.0.0.205 to 23.0.0.207 (click-to-play) https://addons.mozilla.org/firefox/blocked/p1422 Flash Player Plugin on Linux 11.2.202.643 to 23.0.0.207 (click-to-play) https://addons.mozilla.org/firefox/blocked/p1421
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment 9•7 years ago
|
||
Due to the issue that was reported in comment#2 and fixed in comment#5, I quickly checked and made sure that the staged server is serving the blocks without any issues/cert errors. Windows 10 x64: PASSED ====================== File: NPSWF32_23_0_0_207.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll Version: 23.0.0.207 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 23.0 r0 * pinging server --> https://blocklist.addons.mozilla.org/ * build: https://archive.mozilla.org/pub/firefox/nightly/2016/12/2016-12-20-03-02-15-mozilla-central/ macOS 10.12.2 x64: PASSED ========================= File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 23.0.0.207 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 23.0 r0 * pinging server --> https://blocklist.addons.mozilla.org/ * build: https://archive.mozilla.org/pub/firefox/releases/50.0.2/mac/en-US/ Ubuntu 16.04.1 LTS: PASSED ========================== File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.644 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 11.2 r202 * pinging server --> https://blocklist.addons.mozilla.org/ * build: https://archive.mozilla.org/pub/firefox/candidates/51.0b9-candidates/build1/linux-x86_64/en-US/
You need to log in
before you can comment on or make changes to this bug.
Description
•