The Register® — Biting the hand that feeds IT

Feeds

Mozilla service detects insecure Firefox plugins

Slated for browser embedding

By Dan Goodin, 14th October 2009
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Mozilla has introduced a service that checks Firefox browser plugins to make sure they don't have known security vulnerabilities or incompatibilities.

The service debuted on Tuesday with this page, which checks 15 plugins to make sure they're the most recent versions. Over time, Mozilla developers plan to scan additional addons, and they also plan to embed a feature into version 3.6 of the open-source browser that will automatically indicate which plugins used on a current page are out of date.

The offering builds on a feature Mozilla rolled out last month that warned Firefox users when they had an out-of-date version of Adobe's Flash media player installed. In its first week, Mozilla statistics showed more than half of those who installed the latest Firefox release were running an insecure version of the frequently attacked plugin.

Not that the service has necessarily gotten off to as good a start as one might hope. Our tests failed to detect the use of Adobe Reader, another application widely abused by criminals. And other plugins, such as Google Picasa and the iTunes Application Detector were also left out in the cold.

But as Mozilla makes clear here, the page is only the beginning. Eventually, the organization plans to "create a self-service panel for vendors to update their plugin info as new releases come out."

It's initiatives such as these that demonstrate Mozilla's dedication to the security of its users, and for that it deserves props. When legions of end users keep internet-facing software updated, we all win. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (7)
Latest Comments
C. Fuhrman

Too bad that Firefox had to raise the bar, but at least they did it.

How many times has Adobe's Flash and Reader plug-in had exploitable vulnerabilities, and yet there are no auto-update features? Actually, Adobe Acrobat has an update that works if you buy the full version (not the free reader).

Check out another useful tool: Secunia PSI (works for more than just plug-ins, and finds all third-party software on your PC that is at risk and needing updates).

0
0
Tom Chiverton 1

@AC

extensions != plugins

0
0
Anonymous Coward

Perhaps I am missing something...

Doesn't firefox already provide this functionality for ALL extensions within the addon manager (the 'Find updates' button), and does it not also check for updates to extensions on startup?

0
0

More from The Register

breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19
Critical Java SE update due Tuesday fixes 40 flaws
And yes, most are remotely exploitable
33
Kaspersky slips server security into PC software as attackers get crafty
Want to bag a CEO? Aim for his family
8
NSA accused of new crimes ... against slideware
They may take our information but they cannot take our REFINED AESTHETICS
40