Closed Bug 807258 Opened 9 years ago Closed 9 years ago

the last Flash 10.3 versions (10.3.183.20 (August 2012) and above) are not CTP-blocked

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED

People

(Reporter: pauly, Unassigned)

References

Details

(Whiteboard: [plugin])

Now we have Flash Player below 10.3.183.19 blocked.
Since 10.3.183.29 is the latest 10.3 version, we should block anything below 10.3.183.29.
No longer depends on: 803152
Component: Plug-ins → Blocklisting
OS: Windows 7 → All
Product: Core → addons.mozilla.org
Hardware: x86_64 → All
Whiteboard: [plugin]
Version: Trunk → unspecified
Blocks: 803152
Adobe released Flash 10.3.183.43 (see http://www.adobe.com/support/security/bulletins/apsb12-24.html) making version 10.3.183.29 obsolete and vulnerable.

See also: http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html#main_Archived_versions
Summary: Flash 10.3 versions (10.3.183.20, 10.3.183.23 and 10.3.183.25) are not blocked → Flash 10.3 versions (10.3.183.20, 10.3.183.23, 10.3.183.25, and 10.3.183.29) are not blocked
Blocks: 843373
No longer blocks: 843373
The latest CTP-blocked Flash 11 is 11.4.402.286 released on October 2012.
See http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html

Thus, we allow Flash 10.3 versions with more vulnerabilities than in Flash 11.
Summary: Flash 10.3 versions (10.3.183.20, 10.3.183.23, 10.3.183.25, and 10.3.183.29) are not blocked → the last Flash 10.3 versions (10.3.183.20 (August 2012) and above) are not CTP-blocked
QA Contact: anthony.s.hughes
(In reply to Jorge Villalobos [:jorgev] from comment #3)
> The new block is staged now:
> https://addons-dev.allizom.org/en-US/firefox/blocked/p281

Just to confirm this CTP blocks all Flash 10.3 versions from 10.3.183.20 to 10.3.183.63?
It CTP blocks all versions from 10.3.183.19 to 10.3.183.42, on Firefox 20 and above.
I think it is safe to push this to production based on the following results:
* Firefox 19.0 + Flash 10.3.183.29: NOT BLOCKED
* Firefox 20.0b1 + Flash 10.3.183.51: NOT BLOCKED
* Firefox 21.0a2 + Flash 10.3.183.20: CLICK-TO-PLAY
* Firefox 22.0a1 + Flash 10.3.183.25: CLICK-TO-PLAY
This block has just been pushed live: https://addons.mozilla.org/en-US/firefox/blocked/p290
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
(In reply to Jorge Villalobos [:jorgev] from comment #7)
> This block has just been pushed live:
> https://addons.mozilla.org/en-US/firefox/blocked/p290

Confirmed block is working as expected in production.
Status: RESOLVED → VERIFIED
Keywords: qawanted
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.