Last Comment Bug 803152 - Please CTP block all versions of Java, and Flash versions 10.3 through (and including) 11.3.*
: Please CTP block all versions of Java, and Flash versions 10.3 through (and i...
Status: VERIFIED FIXED
[plugin]
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: Paul Silaghi, QA [:pauly]
Mentors:
: 799546 (view as bug list)
Depends on: 795387 804552 807258 808824
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-18 09:30 PDT by Alex Keybl [:akeybl]
Modified: 2016-03-07 15:30 PST (History)
12 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Alex Keybl [:akeybl] 2012-10-18 09:30:54 PDT
Please CTP block all versions of Java, and Flash versions 10.3 through (and including) 11.3 for Firefox versions 17 and up.

This should have all of the necessary plugin name information: https://bsmedberg.etherpad.mozilla.org/ff15-ctp-blocklist-proposal
Comment 1 Alex Keybl [:akeybl] 2012-10-18 10:05:15 PDT
This request should exclude Flash version 10.3.183.19 for all platforms, and version 11.2 for Linux.
Comment 2 Alex Keybl [:akeybl] 2012-10-18 10:16:28 PDT
We should not roll out these blocks for Android.
Comment 3 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-18 11:57:54 PDT
Draft testplan set up here:
https://wiki.mozilla.org/QA/Plugins/CTP_Blocklist#Round_.232:_Flash_and_Java
Comment 4 Paul Silaghi, QA [:pauly] 2012-10-19 07:04:44 PDT
Wouldn't be better to reduce the blocklist.interval from 24h ?
Comment 5 Benjamin Smedberg [:bsmedberg] 2012-10-19 12:53:53 PDT
To put a finer point on comment 1: Flash 10.3 still gets security updates, so we should really block the following version ranges:

On all platforms: Flash anything less than 10.3.183.19. We don't want to block future 10.3 updates.
On Windows and Mac: Flash 11 through anything less than 11.4.402.287
On Linux: Flash 11 through anything less than 11.2.202.243

Unfortunately I don't think we can deploy the block for Linux because it doesn't report its true version number, it reports something like "Shockwave Flash 11.2 r202"
Comment 6 Paul Silaghi, QA [:pauly] 2012-10-22 09:21:47 PDT
What's the expected behavior if plugins.click_to_play=TRUE but the plugin is also out-of-date (blocklist)? I see the initial pref has priority most of the time, but I managed to get the second one (out-of-date CTP block) couples of times after opening several flash sites and reload.
Comment 7 David Keeler [:keeler] (use needinfo?) 2012-10-22 10:29:55 PDT
The expected behavior is that if a plugin is click-to-play via the blocklist, the security ui will be present (in both the drop-down and the in-page overlay). It would be good to verify that this works properly.
Comment 8 Jorge Villalobos [:jorgev] 2012-10-23 14:13:59 PDT
Are we blocking *all* versions of Java like the bug seems to indicate, or are we not blocking the latest version of every branch, as the test plan indicates?
Comment 9 Jorge Villalobos [:jorgev] 2012-10-23 15:02:47 PDT
https://addons-dev.allizom.org/en-US/firefox/blocked/p163
Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17 and above.
Comment 10 Jorge Villalobos [:jorgev] 2012-10-23 15:07:47 PDT
https://addons-dev.allizom.org/en-US/firefox/blocked/p165
Flash Player Plugin between 11.0 and 11.4.402.287, blocked on Windows and Mac OS X, Firefox 17 and above.
Comment 11 Scoobidiver (away) 2012-10-23 22:03:48 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #9)
> https://addons-dev.allizom.org/en-US/firefox/blocked/p163
> Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17
> and above.
The latest Flash 10.3 is 10.3.183.29.
Comment 12 Paul Silaghi, QA [:pauly] 2012-10-24 02:15:47 PDT
(In reply to Alex Keybl [:akeybl] from comment #1)
> This request should exclude Flash version 10.3.183.19 for all platforms, and
> version 11.2 for Linux.

(In reply to Jorge Villalobos [:jorgev] from comment #9)
> https://addons-dev.allizom.org/en-US/firefox/blocked/p163
> Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17
> and above.

(In reply to Jorge Villalobos [:jorgev] from comment #10)
> https://addons-dev.allizom.org/en-US/firefox/blocked/p165
> Flash Player Plugin between 11.0 and 11.4.402.287, blocked on Windows and
> Mac OS X, Firefox 17 and above.

(In reply to Scoobidiver from comment #11)
> (In reply to Jorge Villalobos [:jorgev] from comment #9)
> > https://addons-dev.allizom.org/en-US/firefox/blocked/p163
> > Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17
> > and above.
> The latest Flash 10.3 is 10.3.183.29.

Any version of Flash including latest (10 - 11.4.402.287) is staged blocked. Please clarify.
Comment 13 Paul Silaghi, QA [:pauly] 2012-10-24 04:58:50 PDT
The previous live blocks are still ON on FF 16 and 17. Why is the infobar not wanted anymore on FF 16? Anyway, I see no infobar blocks on staging for FF 16 but 2 exceptions, due to some old old block - Flash 10.1.85.3 and 10.2.159.1.
Comment 14 Paul Silaghi, QA [:pauly] 2012-10-24 04:59:18 PDT
Java is not blocked.
Comment 15 Paul Silaghi, QA [:pauly] 2012-10-24 07:30:04 PDT
Comment 12 is Windows related only. On Mac OS X 10.7.5 nothing is actually blocked, the out-of-date infobar shows up for all Flash versions (10-latest included)
Comment 16 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-24 07:54:35 PDT
I made assumptions that we weren't blocking the latest release versions of Java 7 and 6, Flash 10.3 and 11.4 (11.2 on Linux). This was not based on any official statement from Engineering.

It would be great to get explicit clarification about which plugin versions should be blocked and which type of block they should receive in Firefox 16 vs 17.
Comment 17 Jorge Villalobos [:jorgev] 2012-10-24 10:32:15 PDT
(In reply to Scoobidiver from comment #11)
> (In reply to Jorge Villalobos [:jorgev] from comment #9)
> > https://addons-dev.allizom.org/en-US/firefox/blocked/p163
> > Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17
> > and above.
> The latest Flash 10.3 is 10.3.183.29.

Benjamin, do you want me to update the Flash 10.3 block based on this information?

(In reply to Paul Silaghi [QA] from comment #13)
> The previous live blocks are still ON on FF 16 and 17. Why is the infobar
> not wanted anymore on FF 16? Anyway, I see no infobar blocks on staging for
> FF 16 but 2 exceptions, due to some old old block - Flash 10.1.85.3 and
> 10.2.159.1.

We have 4 Flash Player blocks on staging:
* 10.2.159.1 and below have an info bar block on Mac OS.
* 10.2.9999 and below have a CTP/info bar block on Windows.
* Below 10.3.183.19 have a CTP block on Firefox 17 and above (Windows and Mac OS).
* Between 11.0 and 11.4.402.287 have a CTP block on Firefox 17 and above (Windows and Mac OS).

So, here's how things should look.

Windows
* Anything in the 10.2.* branch and lower should have an info bar block on Firefox 16 and below.
* Anything in the 10.2.* branch and lower should have a CTP block on Firefox 17 and above.
* In the 10.3.* branch, below 10.3.183.19, we should have a CTP block on Firefox 17 and above. No block on other versions.
* In the 11.* branch, below 11.4.402.287, we should have a CTP block on Firefox 17 and above. No block on other versions.

Mac OS
* 10.2.159.1 and lower should have an info bar block for all Firefox versions.
* Anything above 10.2.159.1 and below 10.3.183.19 should have a CTP block on Firefox 17 and above. No block on other versions.
* In the 11.* branch, below 11.4.402.287, we should have a CTP block on Firefox 17 and above. No block on other versions.
Comment 18 Benjamin Smedberg [:bsmedberg] 2012-10-24 11:51:47 PDT
There is a meeting about the final list at 4:30 PT that many of you should be invited to. Please ping akeybl if you aren't on the list and want to be.
Comment 19 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-24 12:09:29 PDT
Neither Paul nor I will be able to attend that meeting but I would appreciate it if someone could communicate the outcomes either via email or to this bug. Paul will require that information to effectively test this blocklist. I've asked that Juan attend the meeting so QA is represented.

Thanks
Comment 20 Jorge Villalobos [:jorgev] 2012-10-24 16:47:52 PDT
Java Plugin 7 update 7 and 8 (click-to-play), Mac OS X, Firefox 17 and above
https://addons-dev.allizom.org/en-US/firefox/blocked/p167

Java Plugin 7 update 7 and 8 (click-to-play), Windows, Firefox 17 and above
https://addons-dev.allizom.org/en-US/firefox/blocked/p169

Java Plugin 7 update 7 and 8 (click-to-play), Linux, Firefox 17 and above
https://addons-dev.allizom.org/en-US/firefox/blocked/p171

All other versions in the Java 7 branch are softblocked, so I didn't include them.
Comment 21 Paul Silaghi, QA [:pauly] 2012-10-25 02:50:12 PDT
The things don't look too good, as I already said. 
Here are the results for FF 17 on staging:
Win - all Flash Players (10 - latest 11.4.402.287 included) are CTP blocked
Mac OS X - all Flash Players (10 - latest 11.4.402.287 included) are infobar blocked
Comment 22 Paul Silaghi, QA [:pauly] 2012-10-25 07:52:41 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #20)
> Java Plugin 7 update 7 and 8 (click-to-play), Mac OS X, Firefox 17 and above
> https://addons-dev.allizom.org/en-US/firefox/blocked/p167
> 
> Java Plugin 7 update 7 and 8 (click-to-play), Windows, Firefox 17 and above
> https://addons-dev.allizom.org/en-US/firefox/blocked/p169
> 
> Java Plugin 7 update 7 and 8 (click-to-play), Linux, Firefox 17 and above
> https://addons-dev.allizom.org/en-US/firefox/blocked/p171
> 
> All other versions in the Java 7 branch are softblocked, so I didn't include
> them.

Tested on Windows only:

Java 6 <= Java 6u32 are softblocked
Java 6u33, 6u34, 6u35, 6u37 are NOT softblocked
Java 7 <= Java 7u6 are softblocked
Java 7u7 is CTP blocked
Java 7u8 - cannot find the installation kit
Java 7u9 (latest) - not blocked as expected
Comment 23 Jorge Villalobos [:jorgev] 2012-10-25 08:25:57 PDT
(In reply to Paul Silaghi [QA] from comment #22)
> Tested on Windows only:
> 
> Java 6 <= Java 6u32 are softblocked
> Java 6u33, 6u34, 6u35, 6u37 are NOT softblocked

This is expected because no Java 6 blocks have been staged yet.

> Java 7 <= Java 7u6 are softblocked
> Java 7u7 is CTP blocked
> Java 7u8 - cannot find the installation kit
> Java 7u9 (latest) - not blocked as expected

These look okay, though we should find a way to test update 8.
Comment 24 Paul Silaghi, QA [:pauly] 2012-10-25 08:34:25 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #23)
> These look okay, though we should find a way to test update 8.

"Java SE 7 Update 8 (7u8) is being renumbered to Java SE 7 Update 10 (7u10)."
http://jdk7.java.net/download.html
Comment 25 Jorge Villalobos [:jorgev] 2012-10-25 08:34:44 PDT
(In reply to Paul Silaghi [QA] from comment #21)
> The things don't look too good, as I already said. 
> Here are the results for FF 17 on staging:
> Win - all Flash Players (10 - latest 11.4.402.287 included) are CTP blocked
> Mac OS X - all Flash Players (10 - latest 11.4.402.287 included) are infobar
> blocked

Yes, looking at the blocklist, the entries are not including plugin version ranges anymore, which making the blocks behave incorrectly. This is a regression caused by bug 795387.
Comment 26 Jorge Villalobos [:jorgev] 2012-10-25 14:56:01 PDT
OK, now that bug 795387 is resolved again (I checked and it looks good), we need to retest these blocks. Paul mentioned not being available tomorrow, so we might need someone else from QA to step in.
Comment 27 Jorge Villalobos [:jorgev] 2012-10-25 16:37:05 PDT
Java Plugin 6 updates 33 through 36 (click-to-play), Windows
https://addons-dev.allizom.org/en-US/firefox/blocked/p173

Java Plugin 6 updates 36 and lower (click-to-play), Mac OS X *
https://addons-dev.allizom.org/en-US/firefox/blocked/p175

Java Plugin 6 updates 33 through 36 (click-to-play), Linux **
https://addons-dev.allizom.org/en-US/firefox/blocked/p179

* Note that this block only covers the Oracle plugin, not the one that used to be bundled with Mac OS X. To block that one, we would need help from QA to figure out which was the latest version of the plugin and which JRE version it corresponds to. I could CTP all versions of that plugin, if we feel that's necessary.

** Also limited to the Oracle plugin, which isn't typically found in Linux distros.

This should cover all CTP blocks required by this bug.
Comment 28 Paul Silaghi, QA [:pauly] 2012-10-29 07:37:57 PDT
(In reply to Scoobidiver from comment #11)
> (In reply to Jorge Villalobos [:jorgev] from comment #9)
> > https://addons-dev.allizom.org/en-US/firefox/blocked/p163
> > Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17
> > and above.
> The latest Flash 10.3 is 10.3.183.29.

What about Flash 10.3.183.19 - 10.3.183.29 ?

And what about Flash on linux ?
Comment 29 Jorge Villalobos [:jorgev] 2012-10-29 08:18:41 PDT
(In reply to Paul Silaghi [QA] from comment #28)
> (In reply to Scoobidiver from comment #11)
> > (In reply to Jorge Villalobos [:jorgev] from comment #9)
> > > https://addons-dev.allizom.org/en-US/firefox/blocked/p163
> > > Flash Player below 10.3.183.19, blocked on Windows and Mac OS X, Firefox 17
> > > and above.
> > The latest Flash 10.3 is 10.3.183.29.
> 
> What about Flash 10.3.183.19 - 10.3.183.29 ? 

I asked this on comment #17 and haven't seen a response yet.

> And what about Flash on linux ?

Plugins on Linux don't report their version numbers correctly to the Add-ons Manager, so we can't block the Flash plugin effectively. We can block Java because the version number is reported in the Java plugin name and we can create blocks based on name patterns.
Comment 30 Paul Silaghi, QA [:pauly] 2012-10-29 09:27:35 PDT
Except versions between 10.3.183.19 - 10.3.183.29, Flash is properly blocked both on Win and Mac OS X.
Comment 31 Paul Silaghi, QA [:pauly] 2012-10-29 09:31:00 PDT
Java is properly blocked on Win (j6u37 and j7u9 are not blocked as expected).
Currently testing java on linux.

I didn't manage to install an older version of java on Mac, also didn't found any documentation for that. Any ideas ?
Comment 32 Alex Keybl [:akeybl] 2012-10-29 11:10:39 PDT
(In reply to Paul Silaghi [QA] from comment #31)
> Java is properly blocked on Win (j6u37 and j7u9 are not blocked as expected).
> Currently testing java on linux.
> 
> I didn't manage to install an older version of java on Mac, also didn't
> found any documentation for that. Any ideas ?

We've had problems around testing this previously. I wouldn't block deploying on final verification here - we can rely on external testing for older versions of Java on Mac.
Comment 33 Scoobidiver (away) 2012-10-29 11:53:45 PDT
(In reply to Scoobidiver from comment #11)
> The latest Flash 10.3 is 10.3.183.29.
Adobe references it as the latest one on their website: http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html#flash_player_archives and http://www.adobe.com/support/security/bulletins/apsb12-22.html
Comment 34 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 11:55:50 PDT
Trying to understand a high-level assessment of where we are at here. Please correct me where I am wrong.

Flash 10.3 to 11.3 excluding 10.3.183.19 and 11.4.402.287
* Windows: Tested and signed-off
* Mac: Tested and signed off
* Linux: Untested since they don't report correct version numbers to Firefox

Java 7 excluding 7u9
* Windows: Tested and signed-off
* Mac: Untested due to technical complexities of Apple's Java support model
* Linux: Remains to be tested

Java 6 excluding 6u37
* Windows: Tested and signed-off
* Mac: Untested due to technical complexities of Apple's Java support model
* Linux: Tested and signed-off

As far as I can tell all that remains is to test Java 7 on Linux. The one caveat being that we will push live without Mac testing. We'll let Mac users inform us of any issues and react accordingly post-push as we've done in the past.

Is this an accurate assessment?
Comment 35 Jorge Villalobos [:jorgev] 2012-10-29 13:27:06 PDT
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #34) 
> Is this an accurate assessment?

Looks right to me.
Comment 36 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 14:15:19 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #35)
> (In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #34) 
> > Is this an accurate assessment?
> 
> Looks right to me.

Thanks Jorge. I'll try to get the Java 7 Linux testing complete today so we can either push live tonight having Paul test the live block, or tomorrow morning having me test the live block.
Comment 37 Scoobidiver (away) 2012-10-29 14:22:49 PDT
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #34)
> excluding 10.3.183.19
This version doesn't even exist and you are allowing 10.3.183.20, 10.3.183.23 and 10.3.183.25 that are vulnerable. See comment 33.
Comment 38 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 14:26:28 PDT
Thanks Scoobidiver, you are right. The latest Flash 10.3 version supported by Adobe is 10.3.183.29. We should amend the Flash 10.3 block to cover all Flash 10.3 excluding 10.3.183.29. If this has already been done I can test it, if not I'm inclined to block sign-off until we do.
Comment 39 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 15:00:07 PDT
I've been trying for nearly an hour trying to get old versions of Java 7 to install in Linux unsuccessfully. I don't think this is getting done today. I'll keep trying to find a way to get this to work until the end of the day. Failing that, Paul can you please try to test Java 7 on Linux? Thanks.
Comment 40 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 15:12:29 PDT
I managed to get Java 7 to register in Firefox 17.0b3 now but I think I'm hitting another block which might be taking precedence over the staged block.

1. Install Java 7.0
2. Start Firefox, update about:config prefs to staging
3. Force a blocklist ping and open Add-ons Manager :: Plugins
> Java 1.7.0 is disabled because it's known to cause security vulnerabilities
3. Enable Java
4. Load a Java applet
> Java applet is loaded without blocking
Comment 41 Jorge Villalobos [:jorgev] 2012-10-29 16:00:55 PDT
Which version of Java 7 is this?
Comment 42 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 16:11:47 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #41)
> Which version of Java 7 is this?

Java 7.0, the initial Java 7 release.
Comment 43 Jorge Villalobos [:jorgev] 2012-10-29 16:36:04 PDT
See comment #20. The Java block only covers Java 7 update 7 and 8. The rest of the Java 7 should be softblocked only.
Comment 44 Jorge Villalobos [:jorgev] 2012-10-29 16:36:41 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #43)
> the rest of the Java 7

the rest of the Java 7 *branch*
Comment 45 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 16:50:23 PDT
(In reply to Jorge Villalobos [:jorgev] from comment #43)
> See comment #20. The Java block only covers Java 7 update 7 and 8. The rest
> of the Java 7 should be softblocked only.

I don't think we can test CTP for Java 7 on Linux then...

http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html

...only shows Java 7u6 and below.
Comment 46 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-29 16:54:46 PDT
Given my assessment in comment 34, if it's believed the risk is low to pushing live without Java testing on Mac and without Java 7 testing on Linux then I can send QA sign off. However, I won't send sign off until someone okays that risk.
Comment 47 Paul Silaghi, QA [:pauly] 2012-10-30 06:08:14 PDT
I finally found j7u7 for linux: http://www.oracle.com/technetwork/java/javase/downloads/jre7u7-downloads-1836441.html.
Given that, j7u8 remains untested, both on Win and Linux (but I guess that's ok due to comment 24) and also the java issue on Mac. So, the results are:
Java 6 <= Java 6u32 are softblocked
Java 6u33, 6u34, 6u35 are CTP blocked
Java 7 <= Java 7u6 are softblocked
Java 7u7 is CTP blocked
Java 7u8 - N/A
Java 6u37, 7u9 (latest) - not blocked as expected
Comment 48 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-30 10:15:22 PDT
Given the results I think we are good to push live. Assuming there is no requirement to send an email to r-d, consider this comment QA sign-off for staging.
Comment 49 Scoobidiver (away) 2012-10-30 10:28:46 PDT
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #48)
> Given the results I think we are good to push live.
What about comment 38?
Comment 50 Jorge Villalobos [:jorgev] 2012-10-30 13:05:22 PDT
I just remembered that bug 795387 hasn't been pushed to production yet, since we needed to test that it was working well first. I'll ask to get it pushed now.
Comment 51 Jorge Villalobos [:jorgev] 2012-10-30 15:01:34 PDT
Done:

Java Plugin 6 updates 33 through 36 (click-to-play), Linux
https://addons.mozilla.org/en-US/firefox/blocked/p190

Java Plugin 6 updates 36 and lower (click-to-play), Mac OS X
https://addons.mozilla.org/en-US/firefox/blocked/p188

Java Plugin 6 updates 33 through 36 (click-to-play), Windows
https://addons.mozilla.org/en-US/firefox/blocked/p186

Java Plugin 7 update 7 and 8 (click-to-play), Linux
https://addons.mozilla.org/en-US/firefox/blocked/p184

Java Plugin 7 update 7 and 8 (click-to-play), Windows
https://addons.mozilla.org/en-US/firefox/blocked/p182

Java Plugin 7 update 7 and 8 (click-to-play), Mac OS X
https://addons.mozilla.org/en-US/firefox/blocked/p180

Flash Player Plugin between 11.0 and 11.4.402.287 (click-to-play)
https://addons.mozilla.org/en-US/firefox/blocked/p178

Flash Player Plugin below 10.3.183.19 (click-to-play) 
https://addons.mozilla.org/en-US/firefox/blocked/p176
Comment 52 Scoobidiver (away) 2012-10-30 15:13:11 PDT
Should I file a new bug for the 3 vulnerable Flash 10.3 versions (10.3.183.20, 10.3.183.23 and 10.3.183.25) that are not blocked?
Comment 53 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-10-30 16:50:28 PDT
The blocks appear to be working as expected on production. Be advised that we were unable to test Java on Mac, as with the staged block.
Comment 54 Paul Silaghi, QA [:pauly] 2012-10-31 03:07:12 PDT
(In reply to Scoobidiver from comment #52)
> Should I file a new bug for the 3 vulnerable Flash 10.3 versions
> (10.3.183.20, 10.3.183.23 and 10.3.183.25) that are not blocked?

Done - bug 807258
Comment 55 Alex Keybl [:akeybl] 2012-10-31 16:20:35 PDT
*** Bug 799546 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.