Adobe Flash Online Settings Manager isn't working

Bruce Pieterse dev at otq.za.net
Wed Jan 28 23:49:31 UTC 2015 

On 28/01/2015 22:29, Alberto Salvia Novella wrote:
> Damir B:
>> I'd still report just this aspect on Launchpad
>
> Done at
> <https://bugs.launchpad.net/adobe-flash-plugin-tools/+bug/1415620>.
>
> If this bug affects you, please confirm at
> <https://bugs.launchpad.net/adobe-flash-plugin-tools/+bug/1415620/+affectsmetoo>.
>
>
> Damir B:
> > If you guys weren't following the latest development of Firefox, they
> > actually released a new "Insecure Content" feature that is enabled by
> > default (shipped with version 35). Basically, if I access the Adobe
> > Flash online settings page with it enabled, I just get a white page
> > with a bunch of text. If I disable it, the page then works perfectly
> > as it has before, so there is now an additional step required to get
> > the page working and I am now wondering if that is where you guys are
> > fumbling....
>
> You can omit this step just by going to
> <http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html>.
>
>
> Thank you.
>
>
>
>
Hi Alberto & Damir B,

This works:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html#118539
This doesn't:
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html#118539
(as reported but note https not http)
This works:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html

The reason this is not working is due to:
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/_all.js"[Learn
More] settings_manager02.html
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/template/screen.css"[Learn
More] settings_manager02.html
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/template/print.css"[Learn
More] settings_manager02.html
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/template/fixH1Size.js"[Learn
More] settings_manager02.html
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/module/SearchBuddy.js"[Learn
More] settings_manager02.html
TypeError: document.observe is not a function settings_manager02.html:29
ReferenceError: adobe is not defined settings_manager02.html:34
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/ubi/globalnav/_all/gnav.js?locale=en_US"[Learn
More] settings_manager02.html
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/ubi/globalnav/_all/reimagined.js"[Learn
More] settings_manager02.html
Blocked loading mixed active content
"http://wwwimages.adobe.com/www.adobe.com/ubi/globalnav/_all/ims.js"[Learn
More] settings_manager02.html
ReferenceError: SWFObject is not defined

[Learn More] points to:
https://developer.mozilla.org/en-US/docs/Security/MixedContent

This is actually needs to be fixed on Adobe's side, perhaps using
protocol relative urls[1] i.e.
//wwwimages.adobe.com/www.adobe.com/lib/com.adobe/_all.js or all assets
should be loaded from either https:// or http://. This will fix loading
of assets and javascript TypeError and ReferenceErrors when accessing
the page on https://.

As you can see on the last line above, a javascript file can not be
loaded on line 651 in the page[2] and effectively prevents a new flash
object to be created: var swfo = new SWFObject( props ); which in this
case is the privacy settings panel. This would also explain why there is
no styling on the page as well due to css style sheets also being loaded
at http:// instead of the https:// address.

Tested with:

Ubuntu Gnome 14.10
Flash Plugin: 11.2.202.440ubuntu0.14.10.1
Firefox: 35.0.1

Ubuntu Gnome 15.04
Flash Plugin: 11.2.202.440ubuntu1
Firefox: 34.0

In summary, Firefox is doing the right thing and that is to ensure the
page you are visiting has all assets and resources loaded on https://
while blocking http:// when on https://. Otherwise, the page really
isn't secure if it has mixed content loading. Secondly, this is not a
problem with the flashplugin-installer package. Finally, if you clear
the browser cache on 12.04, you will most likely encounter the same
problem due to content already being cached in the browser and Adobe
making the page available later on https during 12.04 to 15.04.
Unfortunately, I can not confirm if the secure address was introduced
during 12.04 to 15.04 and I don't have 12.04 installed at the moment to
confirm if browser cache is making the page work, but it seems likely.

File a bug report with Adobe and use either
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html#118539
or
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html
until the above is fixed.

[1] http://www.paulirish.com/2010/the-protocol-relative-url/
[2] Use "Inspect Element" tool and switch to "Console" tab while on
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html#118539

-- 
All the best,

Bruce

FSF Member 10674 / The FSF is a charity with a worldwide mission to advance software freedom / Join the Free Software Foundation: http://www.fsf.org/register_form?referrer=10674

More information about the Ubuntu-quality mailing list