MASTER Firefox 3.5 Plugin Finder Service in Ubuntu Karmic 9.10 displays "No suitable plugins were found" for flash

Small note - it appears that on the initial popup window containing the text "Press next to install these plugins" that there should be a list of plugins to install (if my memory of older versions serves me correctly). Not only is the list blank, but there is no list widget.

Moving to Ubufox.
Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as Triaged and let them handle it from here. Thanks for taking the time to make Ubuntu better!

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

Opening this task to catch dupes. Can mark invalid when fixed.

Micah Gersten: I respect your judgement concerning whether this is a security bug or not, however I can see several ways an attacker can exploit this:
1. Using a MITM attack and on the fly replace the deb-file to be downloaded from adobe.com with a specially prepaid package as laid out here: http://securitytube.net/Ubuntu-Package-Backdoor-using-a-Metasploit-Payload-video.aspx or at http://www.offensive-security.com/metasploit-unleashed/ under "Client Sides Exploits" and "Binary Linux Trojans"

This attack can be avoided by downloading from the official repositories, since this would verify the signature of the package and therefore not allow an attacker to replace or inject code into it.

2. Adobe flash has a long history of security vulnerabilities, and as with any software it is essential that whenever a new advisory is published that effected systems get patched as soon as possible. This does not happen on a computer with Windows, since users most often download the software in question manually. This will be the same situation for a user of Linux if she/he installs software manually without any means of automatic updates.

jova: not sure what you complain about. this bug is about our db being empty for 9.10 atm. this will be fixed soonish.

Alexander Sack: Thank you for your rapid response, if this will be fixed in time for release it would be great!

On Mon, Oct 05, 2009 at 04:30:18PM -0000, jova wrote:
> Alexander Sack: Thank you for your rapid response, if this will be fixed
> in time for release it would be great!

Yes, its a blocker and on our radar and will be fixed in time.

 - Alexander

rolled a new plugin finder db ... to the new home ... see http://identi.ca/notice/11666097 and http://identi.ca/notice/11667111

because of that move the fix will be visible when next ubufox hits your disk. that part is committed upstream here:
http://bazaar.launchpad.net/~asac/ubufox/main/revision/181

Thanks for all the hard work!

ubufox (0.8-0ubuntu1) karmic; urgency=low

  New upstream release 0.8:
  * fix LP: #437604 - [pl-PL] Polish translation update for ubufox [attached];
    applying translations submitted by Tomasz Dominikowski
  * fix LP: #427697 - Ubufox links to Firefox 3.0 bugs and answers
    on Karmic; the fix involves replacing all hard coded firefox
    version strings in overlay.js with getAppVersion(); this fixes
    "get help", "translate ..." and "report a problem" menu items.
  * fix LP: #447148 - Manage Content Plugins menu item disabled when no
    plugins active; never disable the menu item and open the wizard with
    "All plugins" radio preselected if there are no plugins in use on the
    current active tab
  * fix LP:# 440987 - add ubuntu 9.10 to plugin db creation script and drop 7.10
  * move plugin finder webservice to mozilla-pfs.ubuntu.com

 -- Alexander Sack < <email address hidden>> Mon, 12 Oct 2009 16:02:46 +0200

From a fresh Karmic RC install, I go to
http://www.adobe.com/shockwave/welcome/

I still face the same problem.

On Fri, Oct 23, 2009 at 09:33:23AM -0000, Mathieu Leplatre wrote:
> >From a fresh Karmic RC install, I go to
> http://www.adobe.com/shockwave/welcome/
>
> I still face the same problem.

that sites has two mime-types: flash + x-director ... i would assume
that you already have flash installed and we dont have a x-director
thing in the plugin db (not even sure it exists for linux).

 - Alexander