PlayFlash 64bit Version History

24 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 30.0.0.113 11.2 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v30.0.0.113

Fixed Issues:
  • Host cannot promote Participants into Host or Presenter role in a Connect Meeting.

New Features:
  • Spectre / Meltdown Mitigations

Security Enhancements:
  • Type Confusion: Arbitrary Code Execution [Critical] (CVE-2018-4945)
  • Integer Overflow: Information Disclosure [Important] (CVE-2018-5000)
  • Out-of-bounds read: Information Disclosure [Important] (CVE-2018-5001)
  • Stack-based buffer overflow: Arbitrary Code Execution [Critical] (CVE-2018-5002)

Version 29.0.0.171 11.1 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v29.0.0.171

Fixed Issues:
  • Gradients in static SWFs shows "Movie Not Loaded" in Flash Player (FP-4198806)

Security Enhancements:
  • Type Confusion: Arbitrary Code Execution [Critical] (CVE-2018-4944)

Version 29.0.0.113 11.1 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v29.0.0.113

Fixed Issues:
  • Flash Player settings panel become unresponsive when hardware acceleration is turned off on Firefox.
  • Flash Player quit unexpectedly when "by.blooddy.crypto.Base64" class try to decode BASE64.(FP-4198772)
  • Flash Player Protected mode + Async drawing on Firefox causes the font color to be inverted
  • SecureSocket and RTMPS with OpenSSL is not sending "server_name" SNI headers.
  • Flash Player will not connect via SecureSocket to a server running only TLS1.2.

New Features:
Not for PC.

Security Enhancements:
  • Use After Free: Remote Code Execution [Critical] (CVE-2018-4919)
  • Type Confusion: Remote Code Execution [Critical] (CVE-2018-4920)

Version 28.0.0.161 11.1 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v28.0.0.161

Fixed Issues:
  • Assorted security and functional fixes

Security Enhancements:
  • Use After Free: Remote Code Execution [Critical] (CVE-2018-4878)
  • Use After Free: Remote Code Execution [Critical] (CVE-2018-4877)

Version 28.0.0.137 11.1 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v28.0.0.137

Security Enhancements:
  • Out-of-bounds Read: Information Disclosure [Important] (CVE-2018-4871)

New plugin release v28.0.0.126

Fixed Issues:
  • Memory leak is observed when running a Stage3D application using Baseline_Constrained profile (FP-4198562)
  • The volume slider is not visible while playing the video CHUD-2-Bud-The-Chud in fullscreen mode.
  • (Playback issues are observed while playing the DRM content on Chrome.)
  • (File upload dialog becomes unresponsive on Chrome when using the Scratch editor (FP-4198254))

New Features:
  • Some AIR features mostly for iOS and Android

Security Enhancements:
  • Business Logic Error - Unintended reset of global settings preference file [Moderate] (CVE-2017-11305)

Version 27.0.0.187 11.1 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v27.0.0.187

Fixed Issues:
  • LoadMovie on layers other than 0 causes access violation in C# WinForms (FP-4198533).
  • Flash Player quits unexpectedly before the content is loaded in certain cases.

Security Enhancements:
  • Out-of-bounds Read - Remote Code Execution [Critical] (CVE-2017-3112)
  • Out-of-bounds Read - Remote Code Execution [Critical] (CVE-2017-3114)
  • Out-of-bounds Read - Remote Code Execution [Critical] (CVE-2017-11213)
  • Use after free - Remote Code Execution [Critical] (CVE-2017-11215)
  • Use after free - Remote Code Execution [Critical] (CVE-2017-11225)

Version 27.0.0.170 11.1 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v27.0.0.170

Fixed Issues (done in v27.0.0.159):
  • Audio device selection not working when there are multiple devices with same name(FP-4198585)
  • Content freezes while switching the tabs on Firefox (FP-4198571, FP-4198555)
  • Video stops rendering after minimizing/restoring the Firefox browser window.

Security Enhancements:
  • Type Confusion - Remote Code Execution [Critical] (CVE-2017-11292)

Version 27.0.0.130 11.0 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v27.0.0.130

Fixed Issues:
  • The application will behave abnormally when spacebar is pressed in the Text Field.(FP-4198253)
  • [Win10] Context menu displayed with Offset when Flash Player movie fullscreen on Chrome(FP-4198406)

New Features:
  • Support Audio Output Selection in Flash Player
  • Support ActionScript API for Audio Device Manager

Security Enhancements:
  • Memory Corruption - Remote Code Execution [Critical] (CVE-2017-11281)
  • Memory Corruption - Remote Code Execution [Critical] (CVE-2017-11282)

Version 26.0.0.151 11.0 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v26.0.0.151

Fixed Issues:
  • Graphics vector assets are not rendering properly.(FP-4198401)
  • 2.5D rotation is not working as expected on Windows and Mac Chrome (FP-4198483)

Security Enhancements:
  • Security Bypass - Information Disclosure [Important] (CVE-2017-3085)
  • Type Confusion - Remote Code Execution [Critical] (CVE-2017-3106)

Version 26.0.0.131 11.0 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v26.0.0.131

Fixed Issues:
  • Buttons can't be clicked in some AS2 content (FP-4198473)

Version 26.0.0.126 11.0 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v26.0.0.126

Fixed Issues:
  • removeMovieClip() method is not working as expected(FP-4198425,FP-4198400)
  • catalog.kaientai.cc viewer application quits unexpectedly. (FP-4198403)
  • Video quits unexpectedly while playing from tw.youvivid.com/preview_showcase.asp (FP-4198402)
  • Flash Player quits unexpectedly upon interaction with site tabs(FP-4198407)
  • [Win 10]Incorrect KeyboardEvent CharCode while shift is pressed(or Capslock)(FP-4198430)
  • FileReference size and creationDate throws IO Error (FP-4198443)

New Features:
  • iOS, Edge, mobile features

Security Enhancements:
  • Use After Free - Remote Code Execution [Critical] (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084)
  • Memory Corruption - Remote Code Execution [Critical] (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082)

Version 25.0.0.171 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v25.0.0.171

Fixed Issues:
  • Previous slide's video's audio keeps playing even when next slide is loaded (FLASH-4187660)

Security Enhancements:
  • These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).

Version 25.0.0.148 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v25.0.0.148

Fixed Issues:
  • [Windows]Flash player unresponsive after connecting with the socket.(FP-4198296)

Security Enhancements:
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064).

Version 25.0.0.127 11.0 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.52

New plugin release v25.0.0.127

Fixed Issues:
  • Pressing Space bar in the Text Field makes the app behave abnormally.( FP-4198253)
  • Flash Player 24.0.0.221 quits unexpectedly(FP-4198250)
  • Unresponsive behaviour is observed for microphone on Windows 10/FireFox (FP- 4061929)
  • [Windows 10] Movie reload or restart playing when user clicks "SPACE" key. (FP-4198252)
  • Multiple security and functional fixes

Security Enhancements:
  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).
  • These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).

Version 24.0.0.221 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

New plugin release v24.0.0.221

Fixed Issues:
  • Multiple security and functional fixes

Security Enhancements:
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2017-2995).
  • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2017-2987).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).
  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017- 2984, CVE-2017-2986, CVE-2017-2992).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).
  • Version 24.0.0.194 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - *

    New plugin release v24.0.0.194

    Fixed Issues:
    • Socket connection fails with Security error#2048.(4198184)
    • Event handler Event.CONNECT is not called when using flash.net.Socket to connect the server. (4198188)

    Security Enhancements:
    • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
    • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
    • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
    • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

    Version 24.0.0.186 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.51

    New plugin release v24.0.0.186

    Fixed Issues:
    • Enabling async drawing shows boundaries for transparent object (4196843).
    • Worker is taking more time to write object in a shared byte array (4170367).
    • "ALT GR+0" Does not return @ on french layout Keyboard(4196791)
    • Blank screen is observed until mouse click received after enabling Async drawing (4197066).
    • Scaling the swf does not trigger a corresponding scaling of the hit area of elements in browser(4197425).
    • Flash Player quits unexpectedly while playing http://www.evil3d.cn/example/ (4195719)
    • Black screen is observed when video is seeking on Chrome(4186499).
    • Seek bar does not appear on hovering mouse cursor on video(4186564).
    • Action Script is unable to handle MOUSE_MOVE event(4186547).

    New Features:
    • Spherical video support in Flash and AIR
    • Separate HTTP and HTTPS permissions for Camera and Microphone
    • Improved support for high resolution displays on Firefox for Windows

    Security Enhancements:
    • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
    • These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
    • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876).
    • These updates resolve a security bypass vulnerability (CVE-2016-7890).

    Version 23.0.0.207 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.49

    New plugin release v23.0.0.207

    Fixed Issues:
    • Stability bugs and security fixes

    Security Enhancements:
    • These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865).
    • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864).

    Version 23.0.0.205 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.49

    New plugin release v23.0.0.205

    Security Enhancements:
    • These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2016-7855).

    Version 23.0.0.185 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.49

    New plugin release v23.0.0.185

    Security Enhancements:
    • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2016-6992).
    • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-6981, CVE-2016-6987).
    • These updates resolve a security bypass vulnerability (CVE-2016-4286).
    • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990).

    Version 23.0.0.162 10.8 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.49

    New plugin release v23.0.0.162

    Fixed Issues:

      New Features:
      • Mozilla NPAPI AsyncDrawing Support
      • HSTS Support in Flash Player
      • Disabling local-with-filesystem access in Flash Player by default
      • Video and Camera support for Stage3D by VideoTexture for Flash Player (Release)

      Security Enhancements:
      • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4287).
      • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932).
      • These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278).
      • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).

      Version 22.0.0.209 10.7 MiB Works with Firefox 4.0 - 56.*, SeaMonkey 2.1 - 2.48

      New plugin release v22.0.0.209

      Fixed Issues:
      • Embedded Flash player in Adobe Reader fails to load in Firefox and Internet Explorer (4167793)
      • [Windows]Blank screen is observed and content is not loading (4165783)
      • [Windows]Blank artifacts are observed while playing some 3D content (4166319)

      New Features:

        Security Enhancements:
        • These updates resolve a race condition vulnerability that could lead to information disclosure (CVE-2016-4247).
        • These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225).
        • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248).
        • These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4249).
        • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246).
        • These updates resolve a memory leak vulnerability (CVE-2016-4232).
        • These updates resolve stack corruption vulnerabilities that could lead to code execution (CVE-2016-4176, CVE-2016-4177).
        • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178)

        Version 22.0.0.192 10.7 MiB Works with Firefox 4.0 - 51.0, SeaMonkey 2.1 - 2.48

        New plugin release v22.0.0.192

        Fixed Issues:
        • SecurityError.prototype in Dictionary throws an exception [4100136]
        • Printing via FlexPrintJob, border of the "Print" button is missing [4136816]
        • Player crashes if "totalFrames" property of a loaded volatile MovieClip is accessed [4127339]
        • XML attributes randomly receiving null characters [4100928]
        • PPAPI Printed rectangle gets shifted in position [4119300]
        • [Chrome Only] Portrait mode prints objects smaller as compared to landscape mode [4122310]
        • DisplayObject.setScrollRect is throwing error 1508 [4150980]
        • Space metacharacter [\s] doesn't include non-breaking spaces [\xA0] [4138365]
        • Error#1508 thrown on site https://app.kwanti.com/tools and blank screen appears [4136470]
        New Features:
        • EnableLocalAppData
        • Override Flash Player's default language via mms.cfg
        Security Enhancements:
        • These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-4144, CVE-2016-4149).
        • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).
        • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2016-4135, CVE-2016-4136, CVE-2016-4138).
        • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).
        • These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4140).
        • These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2016-4139).

        Version 21.0.0.242 10.7 MiB Works with Firefox 4.0 - 50.0, SeaMonkey 2.1 - 2.47

        First AMO release of 64-bit version.

        Plugin v21.0.0.242 release notes

        Fixed Issues:
        • Truncation and printing issues on http://www.usflashmap.com/ (4129993)
        • Space metacharacter (\s) is no longer including non-breaking spaces (\xA0) (4137804)
        • Fixed instability issues encountered with certain Mac video cards
        Security Enhancements:
        • These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1105, CVE-2016-4117).
        • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110).
        • These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-1101).
        • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2016-1103).
        • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115).
        • These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4116).