according to reports the foxit pdf browser plugin is affected by a highly critical vulnerability which can be exploited to inject malicious code: www.h-online.com/security/news/item/Current-Foxit-Reader-can-execute-malicious-code-1780636.html please consider blocking it up to the latest plugin version 184.108.40.2060 in order to protect users...
philipp, you should have used the link in https://wiki.mozilla.org/Blocklisting#How_to_request_a_block Version 220.127.116.110 is the current version. Plugin name: Foxit Reader Plugin Plugin versions to block: 18.104.22.1680 and below Applications, versions, and platforms affected: Windows Block severity: (hard/soft) How does this plugin appear in about:plugins? File: npFoxitReaderPlugin.dll Version: 22.214.171.1240 Description: Foxit Reader Plug-In For Firefox and Netscape Homepage and other references and contact info: http://www.foxitsoftware.com/Secure_PDF_Reader/ Reasons: http://secunia.com/advisories/51733/
Staged: https://addons-dev.allizom.org/en-US/firefox/blocked/p263 It is currently staged as a CTP block, but I'm not sure if this is the right UX to provide in this case. I don't know if the PDF download will be triggered, or if the CTP UI will appear. If it doesn't, maybe we should go for a softblock.
The desired UI is the CTP block. I believe it should work, but QA should verify before we push this live.
I've tested this on staging. The block is CTP. When I try to open a PDF file I get the page showing the lego piece and the message saying the plugin has vulnerabilities. About:addons shows the plugin as enabled, but it shows the message that it is known to be vulnerable and to use with caution. If I click through it I can see the document. We can move to production when you are ready.
Let's give people on the firstname.lastname@example.org mailing list an hour or two to respond with any last minute issues, and then move this to production.
The block is now live: https://addons.mozilla.org/en-US/firefox/blocked/p250
This has been verified on production.