Closed Bug 1363513 Opened 4 years ago Closed 4 years ago

Plugin block request: Adobe Flash Player 25.0.0.163 and earlier

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: guigs, Assigned: jorgev)

Details

(Whiteboard: [plugin])

+++ This bug was initially created as a clone of Bug #1302525 +++

Plugin name: Flash Player.plugin
Plugin versions to block:  25.0.0.148
Applications, versions, and platforms affected: 
Block severity: (hard

How does this plugin appear in about:plugins?
    File: 
    Version: 
    Description: 

    File: Flash Player.plugin
    Path: /Library/Internet Plug-Ins/Flash Player.plugin
    Version: 25.0.0.148
    State: Enabled
    Shockwave Flash 25.0 r0

    File: NPSWF32_25_0_0_148.dll
    Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll
    Version: 22.0.0.209
    State: Enabled
    Shockwave Flash 25.0 r0

    File: NPSWF32_25_0_0_148.dll
    Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
    Version: 25.0.0.148
    State: Enabled
    Shockwave Flash 25.0 r0

    File: NPSWF32_25_0_0_148.dll
    Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
    Version: 25.0.0.148
    State: Enabled
    Shockwave Flash 25.0 r0

(don't have linux sorry)
Homepage and other references and contact info: 
https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
No longer depends on: 1363510
The fixed version is 25.0.0.171, and the affected versions are 25.0.0.148 for Windows and Linux, and 25.0.0.163 for Mac, so I'm setting the block to end on version 25.0.0.163.
Assignee: nobody → jorge
Summary: Plugin block request: Adobe Flash Player 25.0.0.148 and earlier → Plugin block request: Adobe Flash Player 25.0.0.163 and earlier
The blocks are now staged and ready for testing.
Flags: needinfo?(kjozwiak)
Before going through the tests on each platform, I ensured that the fp25.0.0.163 block was being listed in the following XML file:

https://settings.prod.mozaws.net/v1/preview/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/51.0.1/Firefox/20170125094131/Darwin_x86_64-gcc3-u-i386-x86_64/en-US/release/

=========================
Win 10 Pro x64 VM: PASSED
=========================

System with 25.0.0.148 installed:
---------------------------------

File: NPSWF32_25_0_0_148.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
Version: 25.0.0.148
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/releases/53.0.2/win32/en-US/
* browser console log: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that the flash plugin appears as blocked under about:addons
* ensured that "Always Active" is being disabled
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.148 as outdated
* ensured that flash is being blocked on several popular websites

Upgrading 25.0.0.148 to 25.0.0.171:
-----------------------------------

File: NPSWF32_25_0_0_171.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
Version: 25.0.0.171
State: Enabled
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/releases/53.0.2/win32/en-US/
* ensured that "Always Active" can be enabled
* ensured that the flash plugin doesn't appear blocked under about:addons
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.171 as the latest version

System with 25.0.0.171 installed:
---------------------------------

File: NPSWF32_25_0_0_171.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
Version: 25.0.0.171
State: Enabled
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/releases/53.0.2/win32/en-US/
* * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that "Always Active" can be enabled
* ensured that the flash plugin doesn't appear blocked under about:addons
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.171 as the latest version

=================================
Ubuntu 16.04.2 LTS x64 VM: PASSED
=================================

System with 25.0.0.148 installed:
---------------------------------

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 25.0.0.148
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/releases/53.0.2/linux-x86_64/en-US/
* browser console log: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that the flash plugin appears as blocked under about:addons
* ensured that "Always Active" is being disabled
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.148 as outdated
* ensured that flash is being blocked on several popular websites

Upgrading 25.0.0.148 to 25.0.0.171:
-----------------------------------

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 25.0.0.171
State: Enabled
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/nightly/2017/05/2017-05-11-13-33-12-mozilla-central/
* ensured that "Always Active" can be enabled
* ensured that the flash plugin doesn't appear blocked under about:addons
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.171 as the latest version
 
System with 25.0.0.171 installed:
---------------------------------

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 25.0.0.171
State: Enabled
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/nightly/2017/05/2017-05-11-07-47-36-mozilla-aurora/
* * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that "Always Active" can be enabled
* ensured that the flash plugin doesn't appear blocked under about:addons
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.171 as the latest

=========================
macOS 10.12.4 x64: PASSED
=========================

System with 25.0.0.163 installed:
---------------------------------

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 25.0.0.163
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/releases/52.0.2/mac/
* browser console log: Blocklist state for Shockwave Flash changed from 0 to 4
* ensured that the flash plugin appears as blocked under about:addons
* ensured that "Always Active" is being disabled
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.163 as outdated
* ensured that flash is being blocked on several popular websites

Upgrading 25.0.0.163 to 25.0.0.171:
-----------------------------------

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 25.0.0.171
State: Enabled
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/candidates/54.0b6-candidates/build1/mac/en-US/
* ensured that "Always Active" can be enabled
* ensured that the flash plugin doesn't appear blocked under about:addons
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.171 as the latest version

System with 25.0.0.171 installed:
---------------------------------

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 25.0.0.171
State: Enabled
Shockwave Flash 25.0 r0

* build used: https://archive.mozilla.org/pub/firefox/nightly/2017/05/2017-05-11-06-38-38-mozilla-central/
* * browser console log: Blocklist state for Shockwave Flash changed from 0 to 0
* ensured that "Always Active" can be enabled
* ensured that the flash plugin doesn't appear blocked under about:addons
* ensured that the "Version Information" under http://www.adobe.com/software/flash/about/ is listing 25.0.0.171 as the latest version
Flags: needinfo?(kjozwiak)
Andreas, please push this block live.
Flags: needinfo?(awagner)
This block is now live.
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(awagner)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.