Plugin check incorrectly marks flash ESR as "vulnerable"
With the terrible issues recently with Flash 12, I opted to use the extended support version of Flash 11.7r700.
The plugin checker page, however, shows that my flash is supposedly "vulnerable" but it is most definitely not (it's the latest updated version offered by adobe in their extended support cycle for corporate use)
Toutes les réponses (15)
Which version of Shockwave Flash 11.7 r700 is installed? See http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
For users of Flash Player 11.7.700.261 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 12.0.0.44, Adobe has made available the update Flash Player 11.7.700.269, which can be downloaded here.
You can update to the latest version of Adobe Flash Player 11.7 ESR here:
As can be seen in system details on the right where I pasted the plugin entry, I am using 11.7.700.269, the latest version. It's still marked as vulnerable, as I said.
Sorry, I missed your "System details" entry.
The fact that the Shockwave Flash plugin version 11.7.700.269 is being detected as "vulnerable" is apparently a bug in Mozilla's PluginCheck webpage. It was reported on March 1, 2014 but the bug status is still listed as "unconfirmed":
- Bug 978505 - mozilla.org plugincheck says latest flash update is vulnarable and tells me to update
I'll escalate this to the Helpdesk to see if a Mozilla employee can look into the bug status.
I added a comment to the bug report linking to this thread and updated the summary to make it clearer that the issue is Flash 11.7 ESR:
- Bug 978505 - Mozilla plugincheck says latest Flash Player 11.7 (Extended Support Release) is vulnerable and tells me to update
By the way ... you wrote:
With the terrible issues recently with Flash 12, I opted to use the extended support version of Flash 11.7r700.
I was wondering what those terrible issues were. I'm using the latest Flash Player 12 version 12.0.0.70 on my Windows 7 x64 computer and other than a focus bug that has existed since Flash 11.3 (which I've worked around by disabling protected mode in Flash) it's working OK.
In case you want to try Flash 12 again, see:
Modifié le
Hi wolfbeast71, Thank you for bringing this to attention. I need to investigate this further. In the meantime:
Though it looks like this is the ESR cycle? Are you part of the ESR mailing list? ESR FAQs
I'm using Firefox ESR, indeed, however, this applies to all versions of Firefox (see also the bugzilla bug). People on 27.0.1 have the exact same issue when using Flash 11.7 (with extended support) and checking their plugins.
The terrible issues with Flash 12 can be summarized as: constant crashing. Flash 12 crashes easily half of the time.
If you ever want to reinstall Flash 12 and troubleshoot the constant crashing you mentioned, try the suggestions in this article .... or post back with troubleshooting information and crash report IDs (see Use the Troubleshooting Information page to help fix Firefox issues for details).
Look, I have no interest in troubleshooting what has already cost me a few hairs and 2 days of work. It's also completely irrelevant to this problem mentioned here. I concluded that Flash 12 was problematic, so I switched to 11.7 ESR. That is not the problem here and very much a valid and (I hope) supported configuration. The problem is that Firefox insists in the plugin check that it's "vulnerable" and should be upgraded, while it is most definitely not vulnerable and no later update of 11.7 ESR is available than what I already have.
I understand this is most likely a problem with the plugin check page (@Mozilla.com) and not necessarily with the browser.
OK, as long as you understand that a bug in the PluginCheck page is incorrectly detecting that the latest Flash 11.7 is vulnerable, and you keep Flash 11.7 ESR updated.
Speaking of which, the Flash plugin has been updated again and the latest Flash 11.7 ESR version is now 11.7.700.272 - see Adobe's Flash Player security bulletin dated March 11, 2014
I'm aware , patch Tuesday and all, also the designated update day for Adobe these days... but thanks.
Would be nice if the plugincheck page gets fixed -- how hard can it be to just do a simple "if version = {latest ESR} then result = ok"? seriously. 2 minutes work.
Ya, unfortunately the next release for ESR will be version 31(as of today), but did that patch work out for you?
No, as of today the plugin check page is still marking 11.7ESR (11.7.700.272) as "vulnerable" while it is not. it has nothing to do with the firefox version I use being ESR or not.
I have latest updates but also my Adobe Status is "VULNERABLE". I have reset the Firefox and updated that outdated plugin tens of times but the message doesn't change, everytime vulnerable, vulnerable and again vulnerable!!! < Content containing lewd language removed by moderator>. aw
Modifié le
PAAVALIX, see Mozilla Support rules and guidelines.
I'm closing this question to further posts. There is no support issue that can be solved in this forum. The problem is caused by an open bug related to the Mozilla PluginCheck page.