Version 188.8.131.52 and earlier of the Flash plugin are vulnerable and an active exploit exists for them in the wild: https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
The block is now staged. Bogdan, can you please test and then ping :TheOne to have it deployed? (I'll be traveling tomorrow)
Since this only affects ESR and Flash blocks are simpler now, let's skip the QA step. Sorry for the noise. Andreas, please push this block live.
Flags: needinfo?(bogdan.maris) → needinfo?(awagner)
The block is now live.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
When a user hits "Allow and remember...", it comes up after every relaunch. Where can I post for feedback on how to stifle this block for all our thousands of users? Reason: updates to Adobe Flash have to go through a stringent Change Control process in enterprise, so we can't update yet. TIA, Don
FF 58.0.2: going to Add-ons Manager, I'm told that "Shockwave Flash is known to be vulnerable and should be updated. [Update Now]". But when I click "Update Now" the resulting page is blocked because it has Flash content on it! This is not a useful interaction since I'm told to update but the update page is blocked. Current Flash version is 21.0.r0.
Plugin blocks should link to https://get.adobe.com/flashplayer/, which doesn't require Flash to work.