APSB17-08: Security update available for Adobe Shockwave Player Originally posted: March 14, 2017 Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an important vulnerability that could potentially lead to escalation of privilege. Adobe recommends that customers apply the appropriate update using the instructions provided in the "Solution" section of the security bulletin. Learn more: http://t.info.adobesystems.com//r/?id=t1131adc7,6db9c216,6dc3f327 Priority Rating: Adobe categorizes these updates as priority 2. http://t.info.adobesystems.com//r/?id=t1131adc7,6db9c216,6dc3f328 Note that this will realistically only apply for Firefox ESR, since we no longer support shockwave in release Firefox.
Does Shockwave use the same plugin files as the regular Flash plugin? I can only find a very old block for a "Shockwave for Director" plugin: https://blocked.cdn.mozilla.net/p1054.html
Flags: needinfo?(jorge) → needinfo?(benjamin)
No shockwave is a separate plugin from Flash (which is confusing because the Flash mime type is x-shockwave-flash). Downloads at https://get.adobe.com/shockwave/
Kamil, can you help me get the about:plugins information for this plugin on the 3 platforms?
Created attachment 8852019 [details] Linux not a supported platform Jorge, let me know if there's anything else that I can do here! macOS 10.12.3 x64: ================== From all the information that I've gathered, it looks like Shockwave only works on 32bit browsers . OSX 10.6 was the last version that supported 32-bit Intel Mac's. Looking at the latest FX system requirements, it looks like we only support FX on OSX systems that are 10.9 or higher. You can technically use Shockwave on newer macOS's if you run Safari in a 32bit compatibility mode which I don't think FX supports. With all of the above information, I'm not sure if it's even worth creating a block for macOS. However, if you still need the about:plugins information for macOS, please let me know and I'll see if I can try installing an older version of OSX.  https://helpx.adobe.com/shockwave/kb/shockwave-player-64-bit-windows.html  https://helpx.adobe.com/shockwave/kb/run-shockwave-11-5-mac.html Ubuntu 16.04.2 LTS x64 VM: ========================== From all the different sources that I've read through (askubuntu.com, help.ubuntu.com, StackExchange), it looks like Shockwave was never really supported under Linux. You would need to install it via Wine or use a third party open source implementation such as GNU Shockwave Flash. Visiting https://get.adobe.com/shockwave/otherversions/ via Ubuntu/FX won't even list Linux as a platform. (see attached image) As with OSX, I'm not sure if it's even worth creating a block for Linux as it seems like Shockwave as been obsolete/dead under Linux for a long, long time now. Windows 10 Pro x64 VM: ====================== Using fx51.0.1 x86 as fx52 doesn't support NPAPI plugins other than Flash. Shockwave for Director File: np32dsw_1228198.dll Path: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll Version: 184.108.40.206 State: Enabled Adobe Shockwave for Director Netscape plug-in, version 220.127.116.11 Shockwave for Director File: np32dsw_1227197.dll Path: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll Version: 18.104.22.168 State: Enabled Adobe Shockwave for Director Netscape plug-in, version 22.214.171.124
Flags: needinfo?(kjozwiak) → needinfo?(jorge)
Great, thanks. I'll block 126.96.36.199 on Windows, then.
Assignee: nobody → jorge
The block is staged now. Andreas, can you please review and push this block?
I clicked the wrong button and now I can't approve this anymore :/ Sorry. I had to request review again... Also, is the filename field supposed to be a regex? The label just says "filename pattern" which is usually different from regex.
Yes, all pattern fields accept regular expressions. The ID field for extensions is special because it requires the `/` at the beginning and end, but all others don't. The block is now live.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.