Closed Bug 801329 Opened 7 years ago Closed 6 years ago

plugincheck is incorrectly identifying the latest Linux flash plugin as vulnerable

Categories

(Websites :: plugins.mozilla.org, defect)

x86_64
Linux
defect
Not set

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 968726

People

(Reporter: wgianopoulos, Unassigned)

References

Details

plugincheck is incorrectly identifying the latest Adobe Linux flashplayer (11.2.202.243) as being vulnerable.
Summary: plugincheck is incorrectly identifying the latest Linux flash plugin a s vunerable → plugincheck is incorrectly identifying the latest Linux flash plugin as vunerable
Summary: plugincheck is incorrectly identifying the latest Linux flash plugin as vunerable → plugincheck is incorrectly identifying the latest Linux flash plugin as vulnerable
working on it
http://www.reddit.com/r/firefox/comments/1euomf/can_i_still_use_flash_in_linux/

"I have version 11,2,202,285 installed and according to both that page and https://get.adobe.com/flashplayer/, it is the current version for Linux."

http://www.adobe.com/support/security/bulletins/apsb13-14.html seems to be the latest bulletin, and says .285 is current.
(In reply to Carsten Book [:Tomcat] from comment #1)
> working on it

Is this still being worked on?
I am apparently incorrectly being told to update.

The plugin check https://www.mozilla.org/en-US/plugincheck/ reports I am vulnerable and should update. It then offers to update to the currently installed version 
> Shockwave FlashShockwave Flash 11.2 r202	vulnerable	Update Now
On clicking the update option I get http://get.adobe.com/flashplayer/
> Download Adobe Flash Player
>Adobe Flash Player version 11.2.202.297
>Your system: Linux 64-bit, Firefox 
With a caution box (expected)
>NOTE: Adobe Flash Player 11.2 will be the last version to target Linux as a supported >platform. Adobe will continue to provide security backports to Flash Player 11.2 for Linux. 


I am using Firefox 24.0a2 (2013-07-31) (canonical) on Linux (Ubuntu LTS 12.04)
http://www.adobe.com/uk/software/flash/about/
confirms 
> You have version 11,2,202,297 installed
and has table confirming this is the latest version
> Linux 	Mozilla, Firefox, SeaMonkey (Flash Player 11.2 is the last supported Flash Player version for Linux. Adobe will continue to provide security updates.) 	11.2.202.297

about:plugins shows
Shockwave Flash 11,2,202,297 last Update 12/07/13

Firefox Nightly 26.0a1 (2013-08-17) (Mozilla) gives similar results.

There is a related sumo discussion thread 
> Plugincheck incorrectly reports Flash plugin as vulnerable in Linux
> https://support.mozilla.org/en-US/forums/contributors/709556
I have the same result as John Hesling on FF23.0  with Flash 11,2,202,297 installed on an Ubuntu 12.04 x64 system.

mozilla plugincheck reports the plugin as outdated and vulnerable even though it is the latest version for my system according to Adobe
Same here... running Debian Wheezy (x64) and Firefox 23.0.1 with the latest flashplayer plugin installed ("11,2,202,310").
Same with FF26.0(beta) on Fedora 16. Flashplayer plugin is latest version = 11.2.202.310 .
I've just reported <https://bugzilla.mozilla.org/show_bug.cgi?id=942356> before having been shown this bug report. I found that the issue is incorrect version information is being put in the pluginreg.dat file, note the commas separating the version numbers.

Version: 11,2,202,327
should be
Version: 11.2.202.327

Change the pluginreg.dat information to the correct version format and the plugin check page reports (correctly) that the Flash version is up-to-date. 

If others can please verify by modifying the pluginreg.dat file (do it before starting Firefox or SeaMonkey), then I think this bug can be closed out, and 942356 be used to resolve why there are commas instead of periods being placed in the file.
Just tried and I can confirm that changing the pluginreg.dat the plugin is correctly reported as updated.
Plugincheck could still work around the version string with commas instead of dots: even after bug 942356 is fixed it will still take time for the fix to get into a release.
Duplicate of this bug: 952776
This now WORKSFORME.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
This bug is still present on my system (now running Firefox 26.0).

"about:plugins" shows "11,2,202,332" as installed and Adobe flashplayer site also says I have the latest version available yet Mozilla plugincheck site thinks I have to update. Am I missing something?
Well, normally we mark bugs as fixed when the issue is fixed in the current codebase for Nightly releases, and NOT when it is fixed in the Release Product.  However, since I did file this bug on the website, and comment 10 indicates there might be something that could be done there because the fix for bug 942356 is not going to make it to release until Firefox 28, I am re-oepning this bug.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Status: REOPENED → NEW
Maybe better than closing it as "worksforme" or reopening"" as "new" would be using bugzilla tags "Version → current stable" and "Target milestone → 28" to redefine the current status of the bug.
Depends on: 942536
Depends on: 942356
No longer depends on: 942536
I took a different approach and nominated the already implemented, tested and verified fix for bug 931469 for uplifting to beta so it might land sooner.
(In reply to Bill Gianopoulos [:WG9s] from comment #16)
> I took a different approach and nominated the already implemented, tested
> and verified fix for bug 931469 for uplifting to beta so it might land
> sooner.

Well, the issue with that is this was a bug filed against the website and not the mozilla codebase, so that is no more appropriate than my previous WORKSFORME.
My personal feeling is that the fix in bug 931469 is lame and the real fix should have been to treat the commas as periods on the website rather than a wallpaper fix in the browser.  Evidently I was overruled on that so I have gotten over it.  So I think the likelihood of a website change to avoid this issue before the Feb r4t date when Firefox 27 is coming out is fairly close to zero, so I am trying to get the product workaround into Firefox 27 rather than pushing for a website change.
If you mean bug 952776, that bug was not supposed to be a substitute for fixing plugincheck.
That bug is a work-around that is not limited to this specific website.
Marking as a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=968726
Status: NEW → RESOLVED
Closed: 6 years ago6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 968726
You need to log in before you can comment on or make changes to this bug.