662460 - Update Flash warning on the Firefox What's New page for Flash version 10.3.181.22

Status: VERIFIED FIXED

(www.mozilla.org :: General, defect)

Description

[Kohei Yoshino [:kohei]]

+++ This bug was initially created as a clone of Bug #651958 +++

via bug 662270. detect-flash.js should be updated.

Note that the previous version was 10.3.181.14 and the latest version is 10.3.181.22. Because detect-flash.js only checks the major version, minor version and revision, it fails to detect the vulnerable version. We also have to check the *build number*.

And one more thing: why not use navigator.plugins['Shockwave Flash'].version to detect the accurate version? The script is only used on the Firefox 3.6+ whatsnew pages, it could be so simple like this:
http://mozilla.jp/js/mj/detect-flash.js

Comment 1

[Kohei Yoshino [:kohei]]

The XSS 0-day exploits are in the wild; please update the warning right now.

Comment 2

[mcbmoz]

Reassigning to Steven, as James is on PTO.

Comment 3

[Steven Garrity [:sgarrity]]

I don't know much about this JS file. Kohei, are we ok to take what you've got in http://mozilla.jp/js/mj/detect-flash.js?

Comment 4

[Michael Gauthier [:gauthierm]]

Merged code with mozilla.jp code in r90331.

Comment 5

[Steven Garrity [:sgarrity]]

Kohei, it appears that the navigator.plugins[foo].version doesn't work on Linux. Can you confirm?

Comment 6

[Michael Gauthier [:gauthierm]]

Added extra code to use the plugin description for Linux in r90340.

Comment 7

[Steven Garrity [:sgarrity]]

Merged to stage in r90417.

Comment 8

[Anthony Ricaud (:rik)]

Yeah, big thanks Michael for that.

I can push this as soon as it's been QA-ed.

Comment 9

[raymond [:retornam] (inactive)]

qa-verified-trunk http://www-trunk.stage.mozilla.com/en-US/firefox/4.0/whatsnew/

Comment 10

[James Long (:jlongster)]

pushed to production r90578

Comment 11

[raymond [:retornam] (inactive)]

verified fixed http://www.mozilla.com/en-US/firefox/4.0/whatsnew/