Firefox 4 repo

JD jd1008 at gmail.com
Mon Jul 19 16:38:46 UTC 2010 

  On 07/19/2010 12:17 AM, Christofer C. Bell wrote:
> On 7/19/10, *Suvayu Ali* <fatkasuvayu+linux at gmail.com 
> <mailto:fatkasuvayu%2Blinux at gmail.com>> wrote:
>
>     I have a copy of the "buggy" 64 bit flash(10.0.45), and it works with
>     the fedora version of FF 3.6 very well. I am having a problem with
>     _all_
>     my plugins when I use the tarball. I guess I'll have to give up my
>     wish
>     to test the beta release of FF. :-\
>
>
> It's not so much "buggy" as it contains an actively exploited security 
> vulnerability that can lead to remote compromise of your computer.
>
> "A critical 
> <http://www.adobe.com/support/security/severity_ratings.html> 
> vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier 
> versions for Windows, Macintosh, Linux and Solaris operating systems, 
> and the authplay.dll component that ships with Adobe Reader and 
> Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This 
> vulnerability (CVE-2010-1297) could cause a crash and potentially 
> allow an attacker to take control of the affected system. There are 
> reports that this vulnerability is being actively exploited in the 
> wild against both Adobe Flash Player, and Adobe Reader and Acrobat."[1]
>
> "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe 
> AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, 
> and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers 
> to execute arbitrary code or cause a denial of service (memory 
> corruption) via crafted SWF content, related to authplay.dll and the 
> ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as 
> exploited in the wild in June 2010."[2]
>
> So yes, the software "works well" in much the same way that "an 
> unpatched Windows XP works well" but leaves you open to compromise.  
> Note the key sentence here: "There are reports that this vulnerability 
> is being actively exploited in the wild against both Adobe Flash 
> Player, and Adobe Reader and Acrobat."
>
> I'm not sure I'd have such a caviler attitude toward it as you.
>
> [1] http://www.adobe.com/support/security/advisories/apsa10-01.html
> [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
>
> -- 
> Chris
>
>
Looks like Adobe has a new 64 bit flash plugin:

http://kb2.adobe.com/cps/000/6b3af6c9.html
There is a link there:
Click here for instructions to install Flash Player on a 64-bit 
operating system

Good luck Suvayu

More information about the users mailing list