Closed Bug 783068 Opened 11 years ago Closed 11 years ago
Blocklist Flash 11 versions < 11
.3 .300 .271 on Intel due to 0-day
(Camino Graveyard :: Plug-ins, defect)
(Reporter: alqahira, Assigned: alqahira)
1.15 KB, patch
|Details | Diff | Splinter Review|
There's an in-the-wild attack (on Windows) exploiting Flash that Adobe just released Flash 11.3.300.271 to account for. There was no corresponding Flash 10.3 release; it's unclear whether they've now EOLed Flash 10.3 (but their normal download site still offers it, rather than forcing you to get it from the giant "Archived Flash Player Versions" zip) or if Flash 10.3 wasn't affected. If it's the former, we'll want to come up with some form of mitigation for anyone using 10.3.x (10.4-10.5 Intel, plus anyone on 10.6+ who has installed 10.3.x for Camino), but it's unclear at this time, so we'll just have to wait-and-see.
11 years ago
Pushed the Flash 11 block version-rev as http://hg.mozilla.org/camino/rev/992ad5aec6f4
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
11 years ago
To partially answer my question: today's (regularly-scheduled?) Flash critical update replaced Flash 11.3.x with Flash 11.4.402.265, and updated Flash 10.3 to 10.3.183.23 (a jump from .20 to .23; intermediate versions never seem to have been released, based on the list of archived Flash player versions).  http://www.adobe.com/support/security/bulletins/apsb12-19.html  http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html#main_Archived_versions So, we continue to remain OK (fingers crossed, knock on wood, …).
You need to log in before you can comment on or make changes to this bug.