Firefox 34.05 incorrectly identifies plugins as out-of-date
As of midnight 12/12/14, Firefox started blocking plugins (in this case, Adobe Flash and Java Deployment Toolkit, possibly others as I've just been to websites that use those), saying that they're out of date. When I click on "Update Now," the Plugin Status page tells me that all my plugins are up to date. (I'm currently running Flash 15.0.0.239 and Java Deployment Toolkit 10.71.2.14, for the record.)
I get the point of this feature, and I really don't want to permanently turn on "always allow," but having to click two "allow" prompts every time I load a website that features Flash is quickly making web browsing intolerable. I'm on the verge of switching to Google Chrome over this.
Chosen solution
The 15.0.0.239 was not the last Flash 15 version as15.0.0.242 and older is blocked and vulnerable. The 15.0.0.246 is not affected though according to Adobe.
The plugin check page needs to be manually updated so the version it says is current may not be say for Flash. Check Flash version at http://www.adobe.com/software/flash/about/
For Firefox on Windows the current Flash player versions are 16.0.0.235 and the extended support version 13.0.0.259 at https://www.adobe.com/products/flashplayer/distribution3.html
Chrome (pepper flash) and IE (activex) has flash player versions that are affected also as per https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
Flash Player Plugin 14.0 to 15.0.0.242 (click-to-play) has been blocked for your protection. https://addons.mozilla.org/firefox/blocked/p798
Flash Player Plugin 10.3.183.66 to 13.0.0.258 (click-to-play) has been blocked for your protection. https://addons.mozilla.org/firefox/blocked/p794
Flash Player Plugin on Linux 11.2.202.424 and lower (click-to-play) has been blocked for your protection. https://addons.mozilla.org/firefox/blocked/p796
fixed the blocklist links as Mozilla made a two part list for Win/Mac versions on December 12 so as to not block the 13.0.0.259 ESR version that it blocked in single list on December 11.
Read this answer in context 👍 16All Replies (12)
It worked fine for me on Linux as 11.2.202.425 was recognized as the update and not vulnerable.
James said
It worked fine for me on Linux as 11.2.202.425 was recognized as the update and not vulnerable.
Indeed. The problem is that some users have their plugin version named with commas (11,2,202,425) instead of punctuation (11.2.202.425) separating the version numbers... and firefox recognizes the comma version as vulnerable!
Just try renaming the plugin version like this in your ~/.mozilla/firefox/*.default/pluginreg.dat and then see whether it still works for you!
Already TWO people, including me, reported this - two is significant portion of linux users.
Right know, the way other people can fix this is either: a) change browser, b) disable the blocklist , c) google and find this thread with the presented solution.
BUT, the easiest thing would be to modify your damn bloglist so the "11,2,202,425" (comma) version would be equally defined to the "11.2.202.425" (punctuation) as an allowed plugin version.
Did you use the one from Adobe or by a package update?
James said
Did you use the one from Adobe or by a package update?
The adobe version from tarball downloaded from here: http://get.adobe.com/flashplayer/
Modified
James said
Did you use the one from Adobe or by a package update?
32-bit (i386) from adobe (via yum).
$ strings /usr/lib/flash-plugin/libflashplayer.so|grep 425 FlashPlayer_11_2_202_425_FlashPlayer LNX 11,2,202,425 11.2.202.425 drm/%s/%s/%s/11.2.202.425%s
Via yum means it was a package and not the tarball from adobe like from https://www.adobe.com/products/flashplayer/distribution3.html though it could be using the rpm package from Adobe source.
My point is there could be a difference between the tarball and the packages especially if not from Adobe source.
Modified
James said
Via yum means it was a package and not the tarball from adobe like from https://www.adobe.com/products/flashplayer/distribution3.html though it could be using the rpm package from Adobe source. My point is there could be a difference between the tarball and the packages especially if not from Adobe source.
Well, I used the tarball directly from adobe and the version was stated with commas, i.e. "11,2,202,425"
$ strings ~/.mozilla/plugins/libflashplayer.so | grep 425 FlashPlayer_11_2_202_425_FlashPlayer LNX 11,2,202,425 11.2.202.425 drm/%s/%s/%s/11.2.202.425%s
Modified
James said
Via yum means it was a package and not the tarball from adobe like from https://www.adobe.com/products/flashplayer/distribution3.html though it could be using the rpm package from Adobe source.
Which part of "from adobe" did you not understand?
$ grep baseurl /etc/yum.repos.d/adobe-linux-i386.repo baseurl=http://linuxdownload.adobe.com/linux/i386/
$ rpm -qi flash-plugin|egrep "Vendor|Build Date|Build Host|Packager|URL" Version : 11.2.202.425 Vendor: Adobe Systems Inc. Release : release Build Date: Fri 21 Nov 2014 03:09:49 AM CET Install Date: Thu 18 Dec 2014 01:40:45 AM CET Build Host: frbld_lnx_016.macromedia.com Packager : Adobe Systems Inc. URL : http://www.adobe.com/downloads/
Somebody answer this for us please!!! Why is all this happening. Firefox used to run so smooth. Now it crashes multiple time per day. JUST FIX IT FOR US!!!
F0rager said
All this is interesting but how do I fix it? How do you 'update manually' the plug in check page, and where is it? Is there a SIMPLE step by step guide for those of us who are not IT graduates and just want a simple and safe browser to use? Just like we used to have Anyone?
Bermo, what part of nice do you not understand. It is not uncommon for Linux distros to package their own builds of programs as they certainly do so with Firefox.
James said
Bermo, what part of nice do you not understand. It is not uncommon for Linux distros to package their own builds of programs as they certainly do so with Firefox.
$ man -f nice nice (1) - run a program with modified scheduling priority nice (2) - change process priority $ nice 0 $ renice 19 $$ 3520: old priority 0, new priority 19
There. Better? :-)
- It was not so much about not being nice. It was more a matter of making a point of not being believed that the binary was from adobe, when clearly stated so. If it was from some other repo or other means of download, at least I wouldn't have expected anyone to say it was from adobe.
Anyway, I don't know if the problem is that the flashplayer binary contains a version string with commas or that FF doesn't recognize the version string. IMHO I would suspect the former.
Have a nice Christmas.
Bermo said
Rakeh saidI did that too, as a first thing. The firefox now even says "Shockwave flash 11,2,202,425" in the plugins list. UNFORTUNATELY, it still displays the vulnerable plugin message (both at various websites and at the plugin list) even though I apparently have the latest version.Try this: Stop firefox Edit ~/.mozilla/firefox/*.default/pluginreg.dat Replace "11,2,202,425" with "11.2.202.425"
This seemed to fix it for me.
You are the man! That did it for me too.
Modified