according to reports the foxit pdf browser plugin is affected by a highly critical vulnerability which can be exploited to inject malicious code:
please consider blocking it up to the latest plugin version 184.108.40.2060 in order to protect users...
philipp, you should have used the link in https://wiki.mozilla.org/Blocklisting#How_to_request_a_block
Version 220.127.116.110 is the current version.
Plugin name: Foxit Reader Plugin
Plugin versions to block: 18.104.22.1680 and below
Applications, versions, and platforms affected: Windows
Block severity: (hard/soft)
How does this plugin appear in about:plugins?
Description: Foxit Reader Plug-In For Firefox and Netscape
Homepage and other references and contact info: http://www.foxitsoftware.com/Secure_PDF_Reader/
It is currently staged as a CTP block, but I'm not sure if this is the right UX to provide in this case. I don't know if the PDF download will be triggered, or if the CTP UI will appear. If it doesn't, maybe we should go for a softblock.
The desired UI is the CTP block. I believe it should work, but QA should verify before we push this live.
I've tested this on staging. The block is CTP. When I try to open a PDF file I get the page showing the lego piece and the message saying the plugin has vulnerabilities. About:addons shows the plugin as enabled, but it shows the message that it is known to be vulnerable and to use with caution. If I click through it I can see the document.
We can move to production when you are ready.
Created attachment 701896 [details]
CTP Foxit Reader Plugin
Let's give people on the email@example.com mailing list an hour or two to respond with any last minute issues, and then move this to production.
The block is now live: https://addons.mozilla.org/en-US/firefox/blocked/p250
This has been verified on production.