Adobe Flash security hole

Banton · 2010-06-24 18:04:49

IgnorantGuru wrote:

combuster wrote:
I'm using Epiphany with HTML5 YouTube extension - and man I don't miss flash at all... I can't even notice that it is gone. Sometimes youtube complains about flash player but i reload the page several times and html5 player pops up. No flash at all - finally
How is it that Epiphany accomplishes this? Is it using a chrome plugin like IE does?
It really sucks the way Google is using HTML5 (or at least H.264) as a way to restrict and dominate rather than open, which was the original intention of HTML5. Do no evil - yeah right. I certainly don't trust any browser or plugin concocted by the likes of Google, the biggest info thieves around, regardless of how well it works. Might as well still be stuck with Adobe or Microsoft - they've just replaced one evil with another as far as I'm concerned.
Is there any open browser that can use H.264 youtube video that is non-Google/non-Chrome?

When you use Firefox nightly there is webM included, you can watch youtube videos with this.

IgnorantGuru · 2010-06-24 19:39:01

Banton wrote:

When you use Firefox nightly there is webM included, you can watch youtube videos with this.

Looks promising - thanks!

thepizzaking · 2010-06-25 00:55:43

IgnorantGuru wrote:

How is it that Epiphany accomplishes this? Is it using a chrome plugin like IE does?

No, it uses the gstreamer plugins installed on the system which in this case would include a H.264 decoder.

It really sucks the way Google is using HTML5 (or at least H.264) as a way to restrict and dominate rather than open...

I don't know if I'd go that far. As far as I know, google chrome also supports the open theora format, and development versions support WebM. The main reason they included H.264 in my opinion was because IE and Mac weren't going to support anything else, so they included it for interoperability. The other main reason for H.264 is that I hear that google's internal storage format for youtube videos is H.264, so using that for youtube would be easy.

They are currently in the process of transcoding their videos to their new WebM format, which is currently supported by gstreamer, mplayer, vlc, the development version of Firefox etc. Once gstreamer has support for WebM, any youtube video that's been transcoded will play using it in epiphany (once you subscribe to the HTML5 beta that is)

Is there any open browser that can use H.264 youtube video that is non-Google/non-Chrome?

Any browser that uses libwebkit should be fine, eg Epiphany, Midori. So long as you have the correct gstreamer plugins installed.

Edit: I just updated my system and turns out you don't need to compile gstreamer yourself for webm/vp8 support anymore.

Last edited by thepizzaking (2010-06-25 01:05:04)

IgnorantGuru · 2010-06-25 01:12:29

@thepizzaking
I haven't kept up with this but from what I read in this thread, google has more monopolistic purposes in mind, and webkit doesn't seem to be popular either. I guess I have some research to do.

Thanks for all the info!

TURBO · 2010-06-26 00:38:02

Hi. I am a newbie, but I love arch.. . I do have the libflashplayer.so (64 bit) V10.0 R45. I just put this baby into /usr/lib/mozilla/plugins and boom!. It works. If you can find it, fine. If you need it, just shoot an email. Hope it helps somebody.

Last edited by TURBO (2010-06-26 00:39:07)

graysky · 2010-06-26 01:10:52

@TURBO - one can download the official arch package from several archival repos such as http://www.schlunix.org/archlinux

I highly doubt you'll get any experienced arch user to take you up on your offer for two reasons:

1) Using precompiled binaries from an untrusted source is just haphazard (no offense to you).
2) If it doesn't get installed by pacman, no one will use it.

ngoonee · 2010-06-26 01:11:34

TURBO wrote:

Hi. I am a newbie, but I love arch.. . I do have the libflashplayer.so (64 bit) V10.0 R45. I just put this baby into /usr/lib/mozilla/plugins and boom!. It works. If you can find it, fine. If you need it, just shoot an email. Hope it helps somebody.

It is, however, the old version WITH the mentioned security hole.

hokasch · 2010-06-26 01:14:05

3) 10.0,45 has serious security issues, which are fixed in 10.1.53, which does not exist for x64, which started all this mess

edit: 3 min late. I might want to refresh the page before I post something. next time.

Last edited by hokasch (2010-06-26 01:16:21)

TURBO · 2010-06-26 01:48:36

graysky wrote:

@TURBO - one can download the official arch package from several archival repos such as http://www.schlunix.org/archlinux
I highly doubt you'll get any experienced arch user to take you up on your offer for two reasons:
1) Using precompiled binaries from an untrusted source is just haphazard (no offense to you).
2) If it doesn't get installed by pacman, no one will use it.

Oh, ok. No offense taken. While all this mess gets work out, at least this file works. I downloaded from adobe labs. Any ways, right now I can see all flash movies without adding any work arounds or 32bit crap. Of couse, with my security hole!!. Je, je...

killajoe · 2010-06-26 09:04:55

bond · 2010-06-28 04:48:52

so are we able to drop some sort of flash plugin into /usr/lib/chromium/ or other dir?

greenfish · 2010-06-28 06:40:19

Hey guys!

If 10.0,45 is the culprit, why can't we use older builds then?

I'm not gonna use the nswrapper until I know what's stopping us from using older builds.

Thank You

ngoonee · 2010-06-28 10:05:46

Well, for 64-bit the older builds basically suck stability-wise. Besides the fact that they probably have the same security hole.

Just use the latest build and flashblock, problem solved.

tomk · 2010-06-28 10:18:21

correct - adobe's security bulletin specifically says "version 10.0.45.2 and earlier".

cb474 · 2010-06-29 02:52:14

I absent mindedly ran "nspluginwrapper -v -a -i" while logged in as root. But flash seems to be working fine. Should I be worried this? Have I given flash root privileges or something? I got this output:

wrote:

Auto-install plugins from /usr/lib/mozilla/plugins
Looking for plugins in /usr/lib/mozilla/plugins
Install plugin /usr/lib/mozilla/plugins/libflashplayer.so
into /usr/lib/mozilla/plugins/npwrapper.libflashplayer.so
Auto-install plugins from /root/.mozilla/plugins
Looking for plugins in /root/.mozilla/plugins

If there's a problem how do I undo what "nspluginwrapper -v -a -i" did?

I also subsequently created ~/.mozilla/plugins/ and ran "nspluginwrapper -v -a -i" again in my user account, but it didn't install anything in that directory.

ataraxia · 2010-06-29 15:39:27

cb474 wrote:

I absent mindedly ran "nspluginwrapper -v -a -i" while logged in as root. But flash seems to be working fine. Should I be worried this? Have I given flash root privileges or something? I got this output:
wrote:
Auto-install plugins from /usr/lib/mozilla/plugins
Looking for plugins in /usr/lib/mozilla/plugins
Install plugin /usr/lib/mozilla/plugins/libflashplayer.so
into /usr/lib/mozilla/plugins/npwrapper.libflashplayer.so
Auto-install plugins from /root/.mozilla/plugins
Looking for plugins in /root/.mozilla/plugins
If there's a problem how do I undo what "nspluginwrapper -v -a -i" did?
I also subsequently created ~/.mozilla/plugins/ and ran "nspluginwrapper -v -a -i" again in my user account, but it didn't install anything in that directory.

You installed it system-wide. Not so bad, if that's ok with you.

Toke · 2010-06-29 18:08:38

How would you notice if your system is compromised?

jt512 · 2010-06-29 19:24:45

Toke wrote:

How would you notice if your system is compromised?

No balance in your checking account; big balance on your credit cards.

Jay

greenfish · 2010-06-30 20:46:30

ngoonee
tomk

thanks for the information!

cb474 · 2010-07-01 06:52:51

ataraxia wrote:

You installed it system-wide. Not so bad, if that's ok with you.

Okay, thanks. Sounds fine to me, I just didn't want any unnecessary security risks.

jMo3f · 2010-07-15 14:08:35

I just installed the old x86_64 flashplugin from here and also started using flashblock addon on firefox to prevent possible security threats. It seems to be working fine, but as the post recommending this is almost a month old I'd like to ask an update from someone who is familiar with the subject, on wheter this is still the best choice of action? (is that even senseful sentence )

Milena · 2010-07-15 16:28:15

I keep using the 10.0.45.2 flash plugin on my x64, enabling it on demand, together with no-script, adblock plus, etc. in firefox and only use it on websites i trust. The only thing i've done that may or may not help with security is linking ~/.adobe/Flash_Player and ~/.macromedia/Flash_Player to /tmp which is a tmpfs here so the cache is always cleared.

Last edited by Milena (2010-07-15 16:29:13)

valium97582 · 2010-07-26 15:54:55

But gnash is just fine, if you install the gstreamer codecs.

And it is lighter in both my computers.:rolleyes:

Last edited by valium97582 (2010-07-26 15:55:26)

graysky · 2010-08-04 23:58:27

@valium - which gstreamer codecs are you talking about?

Last edited by graysky (2010-08-05 07:27:02)

Pawlerson · 2010-09-01 11:09:03

skottish wrote:

My understanding of this stuff is pretty weak, so I'll err on the side of your knowledge. Articles like this though seem to me to point to it being real today even with fairly modern Linux kernels:
http://lwn.net/Articles/347006/

It's not related. Some bug is not equivalent to design mistakes present in Windows. Btw. does someone know where I can download a vulnerable 64bit flash player? I don't want to mess with 32bit libraries. Thanks.

Arch Linux

#76 2010-06-24 18:04:49

Re: Adobe Flash security hole

#77 2010-06-24 19:39:01

Re: Adobe Flash security hole

#78 2010-06-25 00:55:43

Re: Adobe Flash security hole

#79 2010-06-25 01:12:29

Re: Adobe Flash security hole

#80 2010-06-26 00:38:02

Re: Adobe Flash security hole

#81 2010-06-26 01:10:52

Re: Adobe Flash security hole

#82 2010-06-26 01:11:34

Re: Adobe Flash security hole

#83 2010-06-26 01:14:05

Re: Adobe Flash security hole

#84 2010-06-26 01:48:36

Re: Adobe Flash security hole

#85 2010-06-26 09:04:55

Re: Adobe Flash security hole

#86 2010-06-28 04:48:52

Re: Adobe Flash security hole

#87 2010-06-28 06:40:19

Re: Adobe Flash security hole

#88 2010-06-28 10:05:46

Re: Adobe Flash security hole

#89 2010-06-28 10:18:21

Re: Adobe Flash security hole

#90 2010-06-29 02:52:14

Re: Adobe Flash security hole

#91 2010-06-29 15:39:27

Re: Adobe Flash security hole

#92 2010-06-29 18:08:38

Re: Adobe Flash security hole

#93 2010-06-29 19:24:45

Re: Adobe Flash security hole

#94 2010-06-30 20:46:30

Re: Adobe Flash security hole

#95 2010-07-01 06:52:51

Re: Adobe Flash security hole

#96 2010-07-15 14:08:35

Re: Adobe Flash security hole

#97 2010-07-15 16:28:15

Re: Adobe Flash security hole

#98 2010-07-26 15:54:55

Re: Adobe Flash security hole

#99 2010-08-04 23:58:27

Re: Adobe Flash security hole

#100 2010-09-01 11:09:03

Re: Adobe Flash security hole

Board footer