Closed Bug 678433 Opened 13 years ago Closed 7 years ago

Update plugin check for QuickTime Version 7.7 (Windows and Mac OS X v10.5.8), mark 7.6.6 entries vulnerable

Categories

(Websites :: plugins.mozilla.org, defect)

Product:
Websites
Component:
plugins.mozilla.org
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: dveditz, Assigned: kev)

References

(
URL
)

Details

Attachments

(1 file)

apple-quicktime.json
4.99 KB, text/plain
Details 
Quicktime 7.7 was released for Windows and Mac 10.5 and fixes more than a dozen  security problems as described at http://support.apple.com/kb/HT4826  We need to mark 7.6.9 vulnerable and set 7.7 as the "latest" version.

According to bug 617560 comment 6 we may have a problem with 7.6.6 on Mac. In the database I see that 7.6.6 and 7.6.6.0 are marked "latest" and it's possible we're matching users with that rather entry and ignoring the fact that higher/newer versions are vulnerable. It's possible for an older version to be safe while a newer version has a recently introduced security hole so I can't say the plugincheck site is wrong -- the entry is, though!
Attached file apple-quicktime.json 
I tried editing the plugin entries but there didn't seem to be a way to share it other than the "push live" button which I wasn't keen to do. In particular I wonder why we had 7.6.6.0 entries and if that means we need a 7.7.0.0 to match on Mac. Anyway, if it helps give you a start here's what I did in my sandbox.
details: 
- added three 7.7 version entries
- changed the three 7.6.9 entries to "vulnerable" and added advisory links
- changed 7.6.6 mac and 7.6.6.0 to "vulnerable" and added advisory links
QuickTime 7.6.6 mac is current version for Snow Leopard (OS X 10.6.8) and before. Update is only available for OS X 10.7 and above.

Plugin Check should not be reporting QuickTime 7.6.6 on Macs running OS X 10.6.8 or earlier.
"For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems."

Mac OS X 10.6 AKA Snow Leopard.
OS X Lion AKA OS X 10.7
See Also: → 1037743
See Also: 1037743
Resolving as wontfix, given the state of the plugincheck today. Changes were made that addressed these, I believe.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: