Stuart, today's Flash 0-day is supposedly only targeting WinIE in the wild: http://www.adobe.com/support/security/bulletins/apsb12-09.html Should we go ahead and move the minimum versions up to the new versions anyway? I.e., is our policy (bug 662666 comment 15 et seq) to move the version on all 0-days, or only on 0-days believed to impact Mac OS X?
I'm all in favor of blocking them - some dump comic might find a way to recycle the latest hole(s), even if it is just for the fun of it.
Since it's not clear if the vulnerability is hard to exploit for Mac, or the cases they know of just didn't happen to, let's go ahead and block it.
5 years ago
Created attachment 621357 [details] [diff] [review] Does the deed Per bug 688370 comment 1, there's blanket-sr=smorgan for this. I'll land it as soon as we have a tinderbox.m.o again :P
Created attachment 621367 [details] [diff] [review] Does the deed, with the right versions Argh, that's supposed to be .19; how did I manage to get both versions wrong in this bug? (But I got both right in flash-check.js :P )