Plugin block request: Adobe Flash player version 27.0.0.159 and earlier

RESOLVED FIXED

Status

()

RESOLVED FIXED
a year ago
7 months ago

People

(Reporter: jorgev, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Assignee)

Description

a year ago
Version 27.0.0.159 and earlier of the Flash plugin are vulnerable and an active exploit exists for them in the wild:

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
(Assignee)

Comment 1

a year ago
The block is now staged. Bogdan, can you please test and then ping :TheOne to have it deployed? (I'll be traveling tomorrow)
Flags: needinfo?(bogdan.maris)
(Assignee)

Comment 2

a year ago
Since this only affects ESR and Flash blocks are simpler now, let's skip the QA step. Sorry for the noise. Andreas, please push this block live.
Flags: needinfo?(bogdan.maris) → needinfo?(awagner)
The block is now live.
Status: NEW → RESOLVED
Last Resolved: a year ago
Flags: needinfo?(awagner)
Resolution: --- → FIXED
Comment hidden (admin-reviewed)

Comment 6

11 months ago
When a user hits "Allow and remember...", it comes up after every relaunch.

Where can I post for feedback on how to stifle this block for all our thousands of users?

Reason, updates to Adobe Flash have to go through a stringent Change Control process in enterprise, so we can't update yet.

TIA,
Don

Comment 7

9 months ago
FF 58.0.2: going to Add-ons Manager, I'm told that "Shockwave Flash is known to be vulnerable and should be updated. [Update Now]". But when I click "Update Now" the resulting page is blocked because it has Flash content on it! This is not a useful interaction since I'm told to update but the update page is blocked.

Current flash version is 21.0.r0.
(Assignee)

Comment 8

9 months ago
Plugin blocks should link to https://get.adobe.com/flashplayer/, which doesn't require Flash to work.
You need to log in before you can comment on or make changes to this bug.