[Cialug] Fwd: Firefox flash plugin vulnerability

Matthew Nuzum newz at bearfruit.org
Sat Dec 20 12:51:02 CST 2008 

In case you haven't heard, there is a serious flash vulnerability so
you should be upgrading. However I was talking to some people at work
about the difficulty in applying the fix due to the varied number of
ways to install (and therefore locations and file permissions of the
plugin). The firefox maintainer suggested this configuration for those
who use Ubuntu. Basically it's a way to use the free gnash/gpl plugin
and effortlessly switch to the adobe version on sites that don't work
with gnash. Doing this allows you to better test and use the free
software plugin. Quite clever, though I've no clue if this works on
non-ubuntu distros since aiui it's a feature of the ubufox plugin (and
for various reasons I only use Ubuntu).

By the way, go to about:plugins or
http://www.macromedia.com/software/flash/about/ to see what version of
flash you have installed. Go to
http://secunia.com/Advisories/33221/ for the original information
about the problem.

-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter


---------- Forwarded message ----------
From: Alexander Sack
Date: Sat, Dec 20, 2008 at 8:39 AM
Subject: Re: Firefox flash plugin vulnerability
To: Barry Warsaw

On Fri, Dec 19, 2008 at 07:40:26PM -0500, Barry Warsaw wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Dec 19, 2008, at 7:32 PM, Alexander Sack wrote:
>
> > With this kind of setup - given you have ubufox installed - you should
> > be able to switch plugins through the Tools -> Manage Content Plug-ins
> > dialog when visiting a flash website. Give it a try ;).
>
> Well, *that* was easy! :)
>
> Thanks, that's pretty cool.

My advice is to have the following setup:

 + install adobe flashplugin + mozilla-plugin-gnash
 + use gnash by default
 + if you run in a site that doesnt work good enough with gnash switch
 to adobe using the way i described above.

swfdec is a free alternative, but it has some performance issues as
it tries to use X accelleration and hence I wouldnt advice users to
use it until its fixed (most likely in X/cairo).

 - Alexander

More information about the Cialug mailing list