Closed Bug 1520414 Opened 7 years ago Closed 7 years ago

Restrict soft-block of all Flash versions to < 32.0.0.101

Categories

(Toolkit :: Blocklist Policy Requests, task)

Tracking

RESOLVED FIXED
Tracking Status
firefox-esr60 --- fixed
firefox64 --- fixed
firefox65 --- fixed
firefox66 --- fixed

People

(Reporter: philipp, Assigned: TheOne)

Bug 1519516 soft-blocked Flash plugin version 32.0.0.101, marking it as vulnerable in the Firefox UI.

However, Adobe's advisory at https://helpx.adobe.com/security/products/flash-player/apsb19-01.html explicitly states that version 32.0.0.114 only contained performance and feature changes but no security fixes, so it won't get deployed in many corporate environments where we now claim that 32.0.0.101 is vulnerable in error.

As a result, can we restrict the block to versions BELOW 32.0.0.101?

Chris, could you confirm this and let us know the max version that should be included in the block, please?

Flags: needinfo?(cpeterson)

(In reply to Andreas Wagner [:TheOne] [use NI] from comment #1)

> Chris, could you confirm this and let us know the max version that should be included in the block, please?

Philipp is correct. Thanks for catching this!

Therefore:

  1. We do NOT want to soft-block ANY versions of Flash 32.x at this time.
  2. We should continue to soft-block ALL versions of Flash 31.x. (The most recent version of 31.x is 31.0.0.153.)

Flags: needinfo?(cpeterson) → needinfo?(awagner)

Thank you, Chris.

The block has been updated. Jorge, can you please review and push?

Flags: needinfo?(awagner) → needinfo?(jorge)

Done.

Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED
Assignee: nobody → awagner
Type: enhancement → task
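
The range boundary discussed in this bug, as an added example that is not part of the original thread and is not Mozilla's blocklist code: it compares dotted versions numerically and shows which versions each range flags. The range object shape, the constant names, the `min` of "0" and the version "32.0.0.50" are assumptions constructed for illustration.

```javascript
// Added illustration; not Mozilla's blocklist code.
// Assumption: versions are purely numeric dotted strings such as "32.0.0.101".

function parseVersion(v) {
  if (!/^\d+(\.\d+)*$/.test(v)) {
    throw new TypeError(`not a dotted numeric version: ${v}`);
  }
  return v.split(".").map(Number);
}

// Compare segment by segment as numbers; missing segments count as 0.
// A plain string comparison would wrongly sort "31.0.0.153" before "31.0.0.99".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Hypothetical range shape: min is inclusive, max is inclusive only if flagged.
function isBlocked(version, range) {
  const c = compareVersions(version, range.max);
  return compareVersions(version, range.min) >= 0 &&
    (range.maxInclusive ? c <= 0 : c < 0);
}

// Constructed ranges modelling the three states discussed in this bug.
const ORIGINAL_BLOCK = { min: "0", max: "32.0.0.101", maxInclusive: true };   // flags 32.0.0.101
const REQUESTED_BLOCK = { min: "0", max: "32.0.0.101", maxInclusive: false }; // "< 32.0.0.101"
const CONFIRMED_BLOCK = { min: "0", max: "32", maxInclusive: false };         // all 31.x, no 32.x

// Evaluate each version against all three ranges.
function report(versions) {
  return versions.map((version) => ({
    version,
    original: isBlocked(version, ORIGINAL_BLOCK),
    requested: isBlocked(version, REQUESTED_BLOCK),
    confirmed: isBlocked(version, CONFIRMED_BLOCK),
  }));
}

// Versions named in the bug, plus the constructed "32.0.0.50", which is the
// only input where "< 32.0.0.101" and "no 32.x" give different answers.
console.table(report(["31.0.0.153", "32.0.0.50", "32.0.0.101", "32.0.0.114"]));
```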