Feeds

Mozilla detects insecure plugins for IE, Chrome, Safari

Protection beyond Firefox

Using blade systems to cut costs and sharpen efficiencies

Updated Mozilla has introduced a service that checks plugins for the Internet Explorer, Chrome, Opera, and Safari browsers to make sure they don't contain known bugs or security vulnerabilities.

The page builds off a feature rolled out last year that checked only for out-of-date plugins for Firefox. At the moment, the service offers limited coverage for Internet Explorer extensions, but Mozilla says it plans to offer full coverage eventually.

"We believe that plugin safety is an issue for the web as a whole, so while our initial efforts focused on building a page that would work for Firefox users, the team has since expanded plugin check coverage to work with Safari 4, Chrome 4, and Opera 10.5," Johnathan Nightingale, Mozilla's Director of Firefox Development, writes here.

The check is designed to gently nag people who are using out-of-date versions of Adobe Flash, Oracle's Java Virtual Machine, and many other types of software that work closely with standard web browsers. Indeed, in the weeks after Mozilla introduced a page that checked for for Flash, it caught more than half of Firefox installations running an insecure version Adobe's web animation software.

That figure has improved slightly since then, with "over 60% of the users we see on the plugin check" running the most recent version of Flash, Nightingale says. Older versions of Flash are regularly exploited in malware drive-by attacks, so it's still problematic that such a high percentage of users leave themselves vulnerable. But the proportion of up-to-date Flash installations for Firefox is better than figures Mozilla cited for the web as a whole.

In quick tests we ran on the service, we noticed a small discrepancy: While loading the page in Firefox, we received a message that version 11.5.6.606 of Adobe's Shockwave for Director was the most current, while the same page loaded into Opera and Safari indicated we should update to version 11.5.7.609. Mozilla, it would seem, is no better than the rest of us at us at navigating Adobe's confusing road to patch Nirvana.

Still, kinks such as that one will probably be straightened out soon enough. More important is that Mozilla is stepping up and offering sensible protections designed to lower the number of people running insecure apps. Which makes you wonder why a service like this wasn't offered long ago. ®

Update

As of Wednesday morning, Mozilla's plugin check for Firefox now detects Shockwave version 11.5.6.606 as out of date. But the overall thrust of our comment - that the service delivers inconsistent results depending on the browser - still holds true.

For instance, loading the page in Firefox, we get a message that QuickTime 7.6.6.0 is up to date. Loading it in Opera or Safari, QuickTime 7.6.6.0 is displayed, but it is accompanied by the text "Unable to Detect Plugin Version."

At least two Reg readers say in the comments section they are having problems as well. Again, this is a great service, but it doesn't appear to be fully functional yet.

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.