Closed Bug 1330086 Opened 8 years ago Closed 8 years ago

Plugin block request: Adobe Flash player version 24.0.0.186 and earlier

Categories

(Toolkit :: Blocklist Policy Requests, defect, P1)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: kjozwiak, Assigned: jorgev)

References

(
URL
)

Details

Plugin name: Flash Player.plugin Plugin versions to block: 24.0.0.186 and earlier Applications, versions, and platforms affected: Mac, Windows, Linux How does this plugin appear in about:plugins? File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 24.0.0.186 State: Enabled Shockwave Flash 24.0 r0 Homepage and other references and contact info: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
Assignee: awilliamson → jorge
Blocks are now staged: Flash Player Plugin 23.0.0.207 to 24.0.0.186 (click-to-play) https://addons-dev.allizom.org/en-US/firefox/blocked/p955 Flash Player Plugin on Linux 23.0.0.207 to 24.0.0.186 (click-to-play) https://addons-dev.allizom.org/en-US/firefox/blocked/p956
Flags: needinfo?(kjozwiak)
========================= Windows 10 x64 VM: PASSED ========================= File: NPSWF32_24_0_0_186.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll Version: 24.0.0.186 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/releases/50.0.2/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed to /blocked/p955 * ensured that "Always Active" is being disabled * ensured flash is correctly being blocked when visiting several websites * ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 24.0.0.186 as vulnerable Upgrading 24.0.0.186 to 24.0.0.194: ----------------------------------- File: NPSWF32_24_0_0_194.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll Version: 24.0.0.194 State: Enabled Shockwave Flash 24.0 r0 * ensured that "Always Active" can be enabled * ensured that the flash plugin doesn't appeare blocked under about:addons * ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 24.0.0.194 as the latest version Clean installation of 24.0.0.194: --------------------------------- File: NPSWF32_24_0_0_194.dll Path: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll Version: 24.0.0.194 State: Enabled Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2017/01/2017-01-16-03-03-26-mozilla-central/ * * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that "Always Active" can be enabled * ensured that the flash plugin doesn't appeare blocked under about:addons * ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 24.0.0.194 as the latest version ========================= macOS 10.12.2 x64: PASSED ========================= Clean installation of 24.0.0.186: --------------------------------- File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 24.0.0.186 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE) Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/candidates/51.0b14-candidates/build1/mac/en-US/ * browser console log: Blocklist state for Shockwave Flash changed from 0 to 4 * ensured that "Update Now" pointed to /blocked/p955 * ensured that "Always Active" is being disabled * ensured flash is correctly being blocked when visiting several websites * ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 24.0.0.186 as vulnerable Upgrading 24.0.0.186 to 24.0.0.194: ----------------------------------- File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 24.0.0.194 State: Enabled Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/candidates/51.0b14-candidates/build1/mac/en-US/ * ensured that "Always Active" can be enabled * ensured that the flash plugin doesn't appeare blocked under about:addons * ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 24.0.0.194 as the latest version Clean installation of 24.0.0.194: --------------------------------- File: Flash Player.plugin Path: /Library/Internet Plug-Ins/Flash Player.plugin Version: 24.0.0.194 State: Enabled Shockwave Flash 24.0 r0 * build used: https://archive.mozilla.org/pub/firefox/nightly/2017/01/2017-01-16-00-40-21-mozilla-aurora/ * * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0 * ensured that "Always Active" can be enabled * ensured that the flash plugin doesn't appeare blocked under about:addons * ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 24.0.0.194 as the latest version
Jorge, I'm having issues with the blocklist under Ubuntu. I've created bug#1331489 to keep the two issues separate as this is specific to the staging/release of the block. Can you or someone else familiar with the blocklist take a look and see what's going on? It works fine under Win/macOS, but not under Ubuntu.
Flags: needinfo?(kjozwiak) → needinfo?(jorge)
Thanks, I commented on bug 1331489. I'll move forward with the blocks as they are, since there's a chance the Linux block will work on other distros. However, we definitely need to look into that bug and resolve it soon.
Flags: needinfo?(jorge)
Blocks are now live: Flash Player Plugin on Linux 23.0.0.207 to 24.0.0.186 (click-to-play) https://addons.mozilla.org/en-US/firefox/blocked/p1495 Flash Player Plugin 23.0.0.207 to 24.0.0.186 (click-to-play) https://addons.mozilla.org/en-US/firefox/blocked/p1494 Adding bug 1331489 as a dependency, since the Linux block is probably ineffective because of it.
Status: NEW → RESOLVED
Closed: 8 years ago
Depends on: 1331489
Resolution: --- → FIXED
Hi, Currently blocking Flash Player plugin is safe but is breaking the browser on Windows 10. How to reproduce the issue: Click Tools \ Add-Ons \ Plugins \ -> See the shockwave flash plugin is outdated and has an Update Now link. -> Click Update Now -> Click "Blocked Add-ons".Plugin check page -> Click "Check Your Plugins".Update Now -> Click "https://get.adobe.com/flashplayer/".Install now -> Download the file (Version 24.0.0.194) -> Run the file -> Get message that you are using an old version of the installer and click finish to get the latest. -> Click Finish, which deletes the downloaded file and opens Edge, saying that there is no need to download Flash which is included in Edge. -> You're mad. I would suggest to do something about this. a+,=) -=Finiderire=- Configuration: Waterfox 50.1 Portable Windows 10
Hi, RESOLVED/FIXED, This morning I managed to fix the issue, so here is the trick in case someone else goes into the issue: ... -> Click "Check Your Plugins".Update Now -> Click "https://get.adobe.com/flashplayer/".Need Flash Player For A Different Computer ? -> Select "Windows 10/Windows 8" and "FP 24 for Firefox - NPAPI" -> Uncheck Optional Offers, and click Download Now -> Download the file (Version 24.0.0.194) -> Run the file -> This time no message that you are using an old version of the installer. Conclusion: the installer that you obtain by manually requesting "Windows 10/Windows 8" + "FP 24 for Firefox - NPAPI" is not the same as the one you obtain when you let Adobe website choose for you even if it says "Your system: Windows 64-bit , English , Firefox". Note that both installers will have the same size and properties but different behavior. Another achievement from Adobe. a+,=) -=Finiderire=- (In reply to finiderir3 from comment #7) > Hi, > > Currently blocking Flash Player plugin is safe but is breaking the browser > on Windows 10. > > How to reproduce the issue: > Click Tools \ Add-Ons \ Plugins \ > -> > See the shockwave flash plugin is outdated and has an Update Now link. > -> > Click Update Now > -> > Click "Blocked Add-ons".Plugin check page > -> > Click "Check Your Plugins".Update Now > -> > Click "https://get.adobe.com/flashplayer/".Install now > -> > Download the file (Version 24.0.0.194) > -> > Run the file > -> > Get message that you are using an old version of the installer and click > finish to get the latest. > -> > Click Finish, which deletes the downloaded file and opens Edge, saying that > there is no need to download Flash which is included in Edge. > -> > You're mad. > > I would suggest to do something about this. > > a+,=) > -=Finiderire=- > > Configuration: > Waterfox 50.1 Portable > Windows 10
You need to log in before you can comment on or make changes to this bug.