Bug 1185241

Summary: Enable click-to-play for flash-plugin play due to 0-day vulnerability
Product: [Fedora] Fedora Reporter: Martin Stransky <stransky>
Component: firefoxAssignee: Martin Stransky <stransky>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: anto.trande, gecko-bugs-nobody, robatino
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: firefox-35.0.1-5.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-27 19:52:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Stransky 2015-01-23 09:36:20 UTC 
Description of problem:

According to:

https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213

a flash exploit is live and uses unfixed 0-day flash vulnerability. There isn't any fix available so let's enable the click-to-play mode by default at least.
Comment 1 Martin Stransky 2015-01-23 09:37:42 UTC 
See also https://helpx.adobe.com/security/products/flash-player/apsb15-02.html which does not fix this issue.
Comment 2 Fedora Update System 2015-01-23 09:39:03 UTC 
firefox-35.0-6.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/firefox-35.0-6.fc21
Comment 3 Fedora Update System 2015-01-23 09:39:10 UTC 
firefox-35.0-6.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/firefox-35.0-6.fc20
Comment 4 Fedora Update System 2015-01-26 02:27:53 UTC 
Package firefox-35.0-6.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firefox-35.0-6.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-1059/firefox-35.0-6.fc20
then log in and leave karma (feedback).
Comment 5 Martin Stransky 2015-01-27 19:52:17 UTC 
Already removed due to flash update.
Comment 6 Fedora Update System 2015-01-28 07:47:38 UTC 
firefox-35.0.1-3.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/firefox-35.0.1-3.fc21
Comment 7 Fedora Update System 2015-01-28 07:47:47 UTC 
firefox-35.0.1-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/firefox-35.0.1-3.fc20
Comment 8 Fedora Update System 2015-01-28 19:56:30 UTC 
firefox-35.0-6.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2015-01-30 23:56:11 UTC 
firefox-35.0.1-3.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2015-02-10 09:04:25 UTC 
firefox-35.0.1-5.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/firefox-35.0.1-5.fc21
Comment 11 Fedora Update System 2015-02-10 09:04:33 UTC 
firefox-35.0.1-5.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/firefox-35.0.1-5.fc20
Comment 12 Fedora Update System 2015-02-17 08:06:00 UTC 
firefox-35.0.1-5.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2015-02-18 05:56:13 UTC 
firefox-35.0.1-5.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.