Mozilla Readies Its PluginCheck Web Page

The check to be performed automatically in the upcoming Firefox 3.6

By on October 7th, 2009 15:00 GMT
Mozilla is preparing to launch a previously promised Web page that will check if a user's plugins are outdated. While for now it has to be manually accessed in order for the check to be performed, all this will happen automatically starting with Firefox 3.6.

Firefox 3.5.3 and 3.0.14 versions introduced a new feature that checked the version of the installed Adobe Flash Player plugin. Flash Player is estimated to be installed on 99% of all Internet-enabled desktops, which makes it a target for attackers looking to infect computers with malware by exploiting its vulnerabilities.

The Flash Player plugin check was performed through a Web page, which automatically opened after Firefox got updated to 3.5.3 or 3.0.14. It instructed users to download and install the latest version of the plugin from Adobe's website, and according to statistics, around 30% of users chose to do so.

Mozilla promised a page capable of checking the version of other plugins as well. A test version of that page has been launched and is available at https://www-trunk.stage.mozilla.com/en-US/plugincheck/. Visiting it at the moment will result in an SSL certificate, but that's intended and can be resolved by adding an exception.

In a post on the Mozilla Web Development blog, it is noted that unfortunately not all plugins can be checked, because their creators don't provide the version in their description. Such is the case of Adobe Acrobat, Windows Media Player Plug-in and RealPlayer for Mac.

There are several status messages that a user can see after a plugin is checked: "You’re Safe," means the latest version is installed and is accompanied by a "Learn More" button linking to the vendor's website; "Potentially Vulnerable" means that the version of the plugin is either old or unknown and the user is presented with an "Update" button; "Update Now" is displayed when the version is old and there is a known exploit targeting it and is accompanied by an "Vulnerable" button; "Vulnerable No Fix" is pretty much self-explanatory and has a "Disable Now" button.

As the testing of this page goes forth, Mozilla prepares the Beta release of Firefox 3.6, which will make full use of it. A Firefox developer named Blair McBride explains that this version of the browser will perform the check automatically when any page calling a plugin is opened. If the version is outdated, the browser will display an alert bar that provides an "Update Plugins" button. Clicking on it will open the PluginCheck page described in this article. "Additionally, the Plugins tab of the Extension Manager (Tools -> Add-ons) will indicate which of your plugins are out of date. You can also get to the Plugin Check page from there," Mr. McBride writes.

Comments