Flashplugin-nonfree

NoOp glgxg at sbcglobal.net
Wed Dec 17 18:20:23 UTC 2008 

On 12/17/2008 09:39 AM, Mario Vukelic wrote:
> On Wed, 2008-12-17 at 07:40 -0800, NoOp wrote:
>> Why? For a 32bit system you simply extract the standard adobe
>> download, copy libflashplayer.so to ~/.mozilla/plugins and you're
>> done.
> 
> Reasons for why would be, for me, security updates and simplicity.
> 
> 

Ah, then you probably mean the standard 'partner' adobe-flashplugin as
medibuntu doesn't have flash in it's repositories:
http://packages.medibuntu.org/pool/non-free/a/
but is in the partner repos:
http://archive.canonical.com/ubuntu/pool/partner/a/

(http://www.canonical.com/services/packaging)

So, I reckon that I'd agree with using that version :-) as it is
provided by Adobe and is virtually identical to the .deb package
provided from their site directly. However, you still need to put a copy
in .mozilla/plugins if you want to use flash with mozilla installed
Firefox, SeaMonkey etc.

As for 'security updates'... I'd have to disagree that the repos are on
top of things. Example: SeaMonkey is at 1.1.14 and the version provided
in the repositories is seriously out of date with regards to security:

<http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.14>
Note: SeaMonkey in Intrepid & Hardy is only at 1.1.12.

Notice the differences in security updates:
https://launchpad.net/ubuntu/+source/seamonkey

Hardy & Intrepid are missing:
Fixed in SeaMonkey 1.1.14
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control
characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption
(rv:1.9.0.5/1.8.1.19)
Fixed in SeaMonkey 1.1.13
MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase
principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption
(rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module
unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files

More information about the ubuntu-users mailing list