Update Plugin Checking for Shockwave Director

RESOLVED FIXED

Status

Websites
plugins.mozilla.org
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: chris hofmann, Unassigned)

Tracking

Details

(Reporter)

Description

9 years ago
Critical  vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems.

Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606, available here: http://get.adobe.com/shockwave/.

http://www.adobe.com/support/security/bulletins/apsb10-03.html

We should start out softblocking to warn and get users to update, and check success of that measure, then maybe hardblock at some point.
Checked in r62335 to update PFS2 for the plugin check page. Waiting on IT bug 545918 for production update.

Not sure what needs doing for block listing or who can do it.
Summary: Update Plugin Checking for Shockwave Flash → Update Plugin Checking for Shockwave Director
Depends on: 545918
This has been updated in PFS2, and should be flagged as vulnerable on the plugin check page now.

[
    {
        "releases": {
            "others": [
                {
                    "status": "vulnerable", 
                    "app_release": "*", 
                    "os_name": "*", 
                    "vendor": "Adobe", 
                    "description": "Adobe Shockwave for Director Netscape plug-in, version 11.5", 
                    "url": "http://get.adobe.com/shockwave/", 
                    "modified": "2010-02-17T03:44:43+00:00", 
                    "name": "Shockwave for Director", 
                    "vulnerability_description": "The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system.", 
                    "vulnerability_url": "http://www.adobe.com/support/security/bulletins/apsb10-03.html", 
                    "version": "11.5.2", 
                    "license_url": "http://www.adobe.com/products/eulas/players/shockwave", 
                    "relevance": 2, 
                    "locale": "*", 
                    "app_version": "*", 
                    "app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", 
                    "pfs_id": "shockwave-director"
                }
            ], 
            "latest": {
                "status": "latest", 
                "app_release": "*", 
                "os_name": "mac", 
                "vendor": "Adobe", 
                "description": "Adobe Shockwave for Director Netscape plug-in, version 11.5", 
                "url": "http://get.adobe.com/shockwave/", 
                "modified": "2010-02-17T03:44:43+00:00", 
                "name": "Shockwave for Director", 
                "locale": "*", 
                "version": "11.5.6", 
                "license_url": "http://www.adobe.com/products/eulas/players/shockwave", 
                "relevance": 4, 
                "app_version": "*", 
                "app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", 
                "pfs_id": "shockwave-director"
            }
        }, 
        "aliases": {
            "regex": [
                ".*Shockwave for Director.*"
            ], 
            "literal": [
                "Shockwave for Director"
            ]
        }
    }
]
Oh, and that result was found via this command:

curl -s 'https://pfs2.mozilla.org/?mimetype=application%2Fx-director&appID=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D&appRelease=3.7a2pre&appVersion=20100215131249&clientOS=Intel+Mac+OS+X+10.6&chromeLocale=en-US' | prettyjson

And that URL was copied from a Firebug trace of the plugin page hitting PFS2
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.