The default bug view has changed. See this FAQ.

Blocklist Flash versions < 10.3.183.19 / 11.2.202.235 on Intel due to 0-day

RESOLVED FIXED

Status

Camino Graveyard
Plug-ins
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: Smokey Ardisson (offline for a while; not following bugs - do not email), Assigned: Smokey Ardisson (offline for a while; not following bugs - do not email))

Tracking

Details

(Whiteboard: [camino-2.1.3])

Attachments

(1 attachment, 1 obsolete attachment)

Stuart, today's Flash 0-day is supposedly only targeting WinIE in the wild: http://www.adobe.com/support/security/bulletins/apsb12-09.html

Should we go ahead and move the minimum versions up to the new versions anyway?  I.e., is our policy (bug 662666 comment 15 et seq) to move the version on all 0-days, or only on 0-days believed to impact Mac OS X?

Comment 1

5 years ago
I'm all in favor of blocking them - some dump comic might find a way to recycle the latest hole(s), even if it is just for the fun of it.

Comment 2

5 years ago
Since it's not clear if the vulnerability is hard to exploit for Mac, or the cases they know of just didn't happen to, let's go ahead and block it.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: Blocklist all Flash versions < 10.3.183.18 / 11.0.202.238 on Intel due to 0-day? → Blocklist all Flash versions < 10.3.183.18 / 11.2.202.235 on Intel due to 0-day?
Created attachment 621357 [details] [diff] [review]
Does the deed

Per bug 688370 comment 1, there's blanket-sr=smorgan for this.  I'll land it as soon as we have a tinderbox.m.o again :P
Created attachment 621367 [details] [diff] [review]
Does the deed, with the right versions

Argh, that's supposed to be .19; how did I manage to get both versions wrong in this bug?  (But I got both right in flash-check.js :P )
Attachment #621357 - Attachment is obsolete: true
http://hg.mozilla.org/camino/rev/7e142af8f588
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Summary: Blocklist all Flash versions < 10.3.183.18 / 11.2.202.235 on Intel due to 0-day? → Blocklist Flash versions < 10.3.183.19 / 11.2.202.235 on Intel due to 0-day
Whiteboard: [camino-2.1.3]
You need to log in before you can comment on or make changes to this bug.