Firefox 4 repo
JD
jd1008 at gmail.com
Mon Jul 19 16:38:46 UTC 2010
On 07/19/2010 12:17 AM, Christofer C. Bell wrote:
> On 7/19/10, *Suvayu Ali* <fatkasuvayu+linux at gmail.com
> <mailto:fatkasuvayu%2Blinux at gmail.com>> wrote:
>
> I have a copy of the "buggy" 64 bit flash(10.0.45), and it works with
> the fedora version of FF 3.6 very well. I am having a problem with
> _all_
> my plugins when I use the tarball. I guess I'll have to give up my
> wish
> to test the beta release of FF. :-\
>
>
> It's not so much "buggy" as it contains an actively exploited security
> vulnerability that can lead to remote compromise of your computer.
>
> "A critical
> <http://www.adobe.com/support/security/severity_ratings.html>
> vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier
> versions for Windows, Macintosh, Linux and Solaris operating systems,
> and the authplay.dll component that ships with Adobe Reader and
> Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This
> vulnerability (CVE-2010-1297) could cause a crash and potentially
> allow an attacker to take control of the affected system. There are
> reports that this vulnerability is being actively exploited in the
> wild against both Adobe Flash Player, and Adobe Reader and Acrobat."[1]
>
> "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe
> AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3,
> and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers
> to execute arbitrary code or cause a denial of service (memory
> corruption) via crafted SWF content, related to authplay.dll and the
> ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as
> exploited in the wild in June 2010."[2]
>
> So yes, the software "works well" in much the same way that "an
> unpatched Windows XP works well" but leaves you open to compromise.
> Note the key sentence here: "There are reports that this vulnerability
> is being actively exploited in the wild against both Adobe Flash
> Player, and Adobe Reader and Acrobat."
>
> I'm not sure I'd have such a caviler attitude toward it as you.
>
> [1] http://www.adobe.com/support/security/advisories/apsa10-01.html
> [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
>
> --
> Chris
>
>
Looks like Adobe has a new 64 bit flash plugin:
http://kb2.adobe.com/cps/000/6b3af6c9.html
There is a link there:
Click here for instructions to install Flash Player on a 64-bit
operating system
Good luck Suvayu
More information about the users
mailing list