Closed Bug 541009 Opened 15 years ago Closed 15 years ago

Update Plugin Checking for Shockwave Director

Categories

(Websites :: plugins.mozilla.org, defect)

Product:
Websites
Component:
plugins.mozilla.org
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: chofmann, Unassigned)

Details

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606, available here: http://get.adobe.com/shockwave/. http://www.adobe.com/support/security/bulletins/apsb10-03.html We should start out softblocking to warn and get users to update, and check success of that measure, then maybe hardblock at some point.
Checked in r62335 to update PFS2 for the plugin check page. Waiting on IT bug 545918 for production update. Not sure what needs doing for block listing or who can do it.
Summary: Update Plugin Checking for Shockwave Flash → Update Plugin Checking for Shockwave Director
This has been updated in PFS2, and should be flagged as vulnerable on the plugin check page now. [ { "releases": { "others": [ { "status": "vulnerable", "app_release": "*", "os_name": "*", "vendor": "Adobe", "description": "Adobe Shockwave for Director Netscape plug-in, version 11.5", "url": "http://get.adobe.com/shockwave/", "modified": "2010-02-17T03:44:43+00:00", "name": "Shockwave for Director", "vulnerability_description": "The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system.", "vulnerability_url": "http://www.adobe.com/support/security/bulletins/apsb10-03.html", "version": "11.5.2", "license_url": "http://www.adobe.com/products/eulas/players/shockwave", "relevance": 2, "locale": "*", "app_version": "*", "app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", "pfs_id": "shockwave-director" } ], "latest": { "status": "latest", "app_release": "*", "os_name": "mac", "vendor": "Adobe", "description": "Adobe Shockwave for Director Netscape plug-in, version 11.5", "url": "http://get.adobe.com/shockwave/", "modified": "2010-02-17T03:44:43+00:00", "name": "Shockwave for Director", "locale": "*", "version": "11.5.6", "license_url": "http://www.adobe.com/products/eulas/players/shockwave", "relevance": 4, "app_version": "*", "app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", "pfs_id": "shockwave-director" } }, "aliases": { "regex": [ ".*Shockwave for Director.*" ], "literal": [ "Shockwave for Director" ] } } ]
Oh, and that result was found via this command: curl -s 'https://pfs2.mozilla.org/?mimetype=application%2Fx-director&appID=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D&appRelease=3.7a2pre&appVersion=20100215131249&clientOS=Intel+Mac+OS+X+10.6&chromeLocale=en-US' | prettyjson And that URL was copied from a Firebug trace of the plugin page hitting PFS2
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.