Closed
Bug 1347194
Opened 7 years ago
Closed 7 years ago
Blocklist old Shockwave (14-March-2017 patch Tuesday release)
Categories
(Toolkit :: Blocklist Policy Requests, enhancement)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: benjamin, Assigned: jorgev)
Details
Attachments
(1 file)
|
918.13 KB,
image/png
|
Details |
Linux not a supported platform
APSB17-08: Security update available for Adobe Shockwave Player Originally posted: March 14, 2017 Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an important vulnerability that could potentially lead to escalation of privilege. Adobe recommends that customers apply the appropriate update using the instructions provided in the "Solution" section of the security bulletin. Learn more: http://t.info.adobesystems.com//r/?id=t1131adc7,6db9c216,6dc3f327 Priority Rating: Adobe categorizes these updates as priority 2. http://t.info.adobesystems.com//r/?id=t1131adc7,6db9c216,6dc3f328 Note that this will realistically only apply for Firefox ESR, since we no longer support shockwave in release Firefox.
Flags: needinfo?(jorge)
|
Assignee | |
Comment 1•7 years ago
|
||
Does Shockwave use the same plugin files as the regular Flash plugin? I can only find a very old block for a "Shockwave for Director" plugin: https://blocked.cdn.mozilla.net/p1054.html
Flags: needinfo?(jorge) → needinfo?(benjamin)
|
Reporter | |
Comment 2•7 years ago
|
||
No shockwave is a separate plugin from Flash (which is confusing because the Flash mime type is x-shockwave-flash). Downloads at https://get.adobe.com/shockwave/
Flags: needinfo?(benjamin)
|
|
Assignee | |
Comment 3•7 years ago
|
||
Kamil, can you help me get the about:plugins information for this plugin on the 3 platforms?
Flags: needinfo?(kjozwiak)
|
||
Comment 4•7 years ago
|
||
Jorge, let me know if there's anything else that I can do here! macOS 10.12.3 x64: ================== From all the information that I've gathered, it looks like Shockwave only works on 32bit browsers [1]. OSX 10.6 was the last version that supported 32-bit Intel Mac's. Looking at the latest FX system requirements, it looks like we only support FX on OSX systems that are 10.9 or higher. You can technically use Shockwave on newer macOS's if you run Safari in a 32bit compatibility mode which I don't think FX supports. With all of the above information, I'm not sure if it's even worth creating a block for macOS. However, if you still need the about:plugins information for macOS, please let me know and I'll see if I can try installing an older version of OSX. [1] https://helpx.adobe.com/shockwave/kb/shockwave-player-64-bit-windows.html [2] https://helpx.adobe.com/shockwave/kb/run-shockwave-11-5-mac.html Ubuntu 16.04.2 LTS x64 VM: ========================== From all the different sources that I've read through (askubuntu.com, help.ubuntu.com, StackExchange), it looks like Shockwave was never really supported under Linux. You would need to install it via Wine or use a third party open source implementation such as GNU Shockwave Flash. Visiting https://get.adobe.com/shockwave/otherversions/ via Ubuntu/FX won't even list Linux as a platform. (see attached image) As with OSX, I'm not sure if it's even worth creating a block for Linux as it seems like Shockwave as been obsolete/dead under Linux for a long, long time now. Windows 10 Pro x64 VM: ====================== Using fx51.0.1 x86 as fx52 doesn't support NPAPI plugins other than Flash. Shockwave for Director File: np32dsw_1228198.dll Path: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll Version: 12.2.8.198 State: Enabled Adobe Shockwave for Director Netscape plug-in, version 12.2.8.198 Shockwave for Director File: np32dsw_1227197.dll Path: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll Version: 12.2.7.197 State: Enabled Adobe Shockwave for Director Netscape plug-in, version 12.2.7.197
Flags: needinfo?(kjozwiak) → needinfo?(jorge)
|
|
Assignee | |
Comment 5•7 years ago
|
||
Great, thanks. I'll block 12.2.7.197 on Windows, then.
Assignee: nobody → jorge
Flags: needinfo?(jorge)
|
|
Assignee | |
Comment 6•7 years ago
|
||
The block is staged now. Andreas, can you please review and push this block?
Flags: needinfo?(awagner)
|
||
Comment 7•7 years ago
|
||
I clicked the wrong button and now I can't approve this anymore :/ Sorry. I had to request review again... Also, is the filename field supposed to be a regex? The label just says "filename pattern" which is usually different from regex.
Flags: needinfo?(awagner)
|
|
Assignee | |
Comment 8•7 years ago
|
||
Yes, all pattern fields accept regular expressions. The ID field for extensions is special because it requires the `/` at the beginning and end, but all others don't. The block is now live.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•