Bug 1206889 - Blocklist flash 18.0.0.232
Status: Closed, RESOLVED FIXED
Opened 9 years ago, Closed 9 years ago
Categories: Toolkit :: Blocklist Policy Requests, defect
Target Milestone: 44.2
People: Reporter: kjozwiak, Assigned: jorgev
Adobe has released an advisory for several vulnerabilities in Adobe Flash Player 18.0.0.232 and earlier versions for Windows, Macintosh and Linux:

* https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

- Adobe Flash Player Desktop Runtime - 19.0.0.185 [Windows and Macintosh]
- Adobe Flash Player Extended Support Release - 18.0.0.241 [Windows and Macintosh]
- Adobe Flash Player for Linux - 11.2.202.521 [Linux]
Comment 1 • Assignee • 9 years ago
Dan, what do you think about the severity of these vulns?
Flags: needinfo?(dveditz)
Comment 2 • Reporter • 9 years ago
The ones listed in comment # 0 are the new versions, the following are the vulnerable versions:

- Adobe Flash Player Desktop Runtime - 18.0.0.232 and earlier [Windows and Macintosh]
- Adobe Flash Player Extended Support Release - 18.0.0.232 and earlier [Windows and Macintosh]
- Adobe Flash Player for Linux - 11.2.202.508 and earlier [Linux]
Comment 3 • 9 years ago
They're as severe as they get (in theory) but I haven't heard of any reports of exploits in the wild yet. We definitely need to make sure the plugincheck page has it right (seems to) but I think it's premature to click2play flash yet given how disruptive it is. Keep an eye on the version uptake and reports of exploits. Maybe next week would be better for click2play (and not yet at the "vulnerable" level, just "outdated"). We do need to address the blocklist of the old 13.x ESR branch though: bug 1193001.
Flags: needinfo?(dveditz)
Comment 4 • Assignee • 9 years ago
The blocks are now staged. Kamil, please give them a look:

Flash Player Plugin on Linux 11.2.202.482 to 11.2.202.508 (click-to-play)
https://addons-dev.allizom.org/firefox/blocked/p784

Flash Player Plugin 18.0.0.204 to 18.0.0.232 (click-to-play)
https://addons-dev.allizom.org/firefox/blocked/p782

As noted in comment #3, we don't plan to deploy them yet, but probably will next week or if a serious exploit comes up.
Assignee: nobody → jorge
Flags: needinfo?(kjozwiak)
Comment 5 • Reporter • 9 years ago
Windows 10 x64 (VM)
===================

File: NPSWF32_18_0_0_232.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
Version: 18.0.0.232
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-03-02-04-mozilla-central/

File: NPSWF32_18_0_0_209.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
Version: 18.0.0.209
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/releases/41.0/

File: NPSWF32_18_0_0_241.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_241.dll
Version: 18.0.0.241
State: Enabled
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/candidates/42.0b1-candidates/build1/

File: NPSWF32_19_0_0_185.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll
Version: 19.0.0.185
State: Enabled
Shockwave Flash 19.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-00-40-45-mozilla-aurora/

Win 8.1 x64 (VM)
================

File: NPSWF32_18_0_0_232.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
Version: 18.0.0.232
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/releases/41.0/

File: NPSWF32_18_0_0_209.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
Version: 18.0.0.209
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/candidates/42.0b1-candidates/build1/

File: NPSWF32_18_0_0_241.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_241.dll
Version: 18.0.0.241
State: Enabled
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-03-02-04-mozilla-central/

File: NPSWF32_19_0_0_185.dll
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll
Version: 19.0.0.185
State: Enabled
Shockwave Flash 19.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-00-40-45-mozilla-aurora/

OSX 10.10.5 x64
===============

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 18.0.0.232
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-03-02-04-mozilla-central/

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 18.0.0.209
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-00-40-45-mozilla-aurora/

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 18.0.0.241
State: Enabled
Shockwave Flash 18.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/candidates/42.0b1-candidates/build1/

File: Flash Player.plugin
Path: /Library/Internet Plug-Ins/Flash Player.plugin
Version: 19.0.0.185
State: Enabled
Shockwave Flash 19.0 r0
-> Build: https://archive.mozilla.org/pub/firefox/releases/41.0/

Ubuntu 14.04.3 x64 (VM)
=======================

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 11.2.202.508
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 11.2 r202
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-03-02-04-mozilla-central/

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 11.2.202.491
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 11.2 r202
-> Build: https://archive.mozilla.org/pub/firefox/nightly/2015-09-22-00-40-45-mozilla-aurora/

File: libflashplayer.so
Path: /usr/lib/mozilla/plugins/libflashplayer.so
Version: 11.2.202.521
State: Enabled
Shockwave Flash 11.2 r202
-> Build: https://archive.mozilla.org/pub/firefox/candidates/42.0b1-candidates/build1/
Flags: needinfo?(kjozwiak)
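
The range check behind comments 4 and 5, as an added example (not part of the bug thread and not Mozilla's blocklist code): it parses test records in the comment 5 layout and returns any whose reported state disagrees with the staged click-to-play ranges. The function names and the `platform` labels are assumptions, and version comparison is simplified to dotted integers.

```javascript
// Added illustration, not Mozilla's blocklist code. Plain dotted-numeric
// comparison only; Firefox's own version comparator accepts more formats.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Inclusive ranges from comment 4. "platform" is a hypothetical key.
const BLOCKS = [
  { platform: "linux", min: "11.2.202.482", max: "11.2.202.508" },
  { platform: "desktop", min: "18.0.0.204", max: "18.0.0.232" },
];

function isBlocked(platform, version) {
  return BLOCKS.some(b => b.platform === platform &&
    compareVersions(version, b.min) >= 0 && compareVersions(version, b.max) <= 0);
}

// Parse File/Version/State records (Path optional), one per line or flattened.
function parseReport(text) {
  const re = /File: (.+?)\s+(?:Path: .+?\s+)?Version: ([\d.]+)\s+State: \w+( \(STATE_VULNERABLE_UPDATE_AVAILABLE\))?/gs;
  return [...text.matchAll(re)].map(m => ({ file: m[1], version: m[2], flagged: Boolean(m[3]) }));
}

// Records whose reported state disagrees with the range check.
function mismatches(text) {
  return parseReport(text).filter(r => {
    const platform = r.file === "libflashplayer.so" ? "linux" : "desktop";
    return isBlocked(platform, r.version) !== r.flagged;
  });
}

// Four records taken from comment 5 (Build lines and most Path fields omitted).
const SAMPLE = [
  "File: NPSWF32_18_0_0_209.dll Version: 18.0.0.209 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)",
  "File: NPSWF32_18_0_0_241.dll Version: 18.0.0.241 State: Enabled",
  "File: libflashplayer.so Path: /usr/lib/mozilla/plugins/libflashplayer.so Version: 11.2.202.491 State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)",
  "File: libflashplayer.so Version: 11.2.202.521 State: Enabled",
].join("\n");
```

Comparing segments as integers matters here: a plain string comparison would order 11.2.202.96 after 11.2.202.508 and put it outside the Linux range.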
Comment 6 • Assignee • 9 years ago
The blocks are now live:

Flash Player Plugin 18.0.0.204 to 18.0.0.232 (click-to-play)
https://addons.mozilla.org/blocked/p1026

Flash Player Plugin on Linux 11.2.202.482 to 11.2.202.508 (click-to-play)
https://addons.mozilla.org/blocked/p1028
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → 44.2
Updated • 8 years ago
Product: addons.mozilla.org → Toolkit