Feeds

Mozilla detects insecure plugins for IE, Chrome, Safari

Protection beyond Firefox

Security for virtualized datacentres

Updated Mozilla has introduced a service that checks plugins for the Internet Explorer, Chrome, Opera, and Safari browsers to make sure they don't contain known bugs or security vulnerabilities.

The page builds off a feature rolled out last year that checked only for out-of-date plugins for Firefox. At the moment, the service offers limited coverage for Internet Explorer extensions, but Mozilla says it plans to offer full coverage eventually.

"We believe that plugin safety is an issue for the web as a whole, so while our initial efforts focused on building a page that would work for Firefox users, the team has since expanded plugin check coverage to work with Safari 4, Chrome 4, and Opera 10.5," Johnathan Nightingale, Mozilla's Director of Firefox Development, writes here.

The check is designed to gently nag people who are using out-of-date versions of Adobe Flash, Oracle's Java Virtual Machine, and many other types of software that work closely with standard web browsers. Indeed, in the weeks after Mozilla introduced a page that checked for for Flash, it caught more than half of Firefox installations running an insecure version Adobe's web animation software.

That figure has improved slightly since then, with "over 60% of the users we see on the plugin check" running the most recent version of Flash, Nightingale says. Older versions of Flash are regularly exploited in malware drive-by attacks, so it's still problematic that such a high percentage of users leave themselves vulnerable. But the proportion of up-to-date Flash installations for Firefox is better than figures Mozilla cited for the web as a whole.

In quick tests we ran on the service, we noticed a small discrepancy: While loading the page in Firefox, we received a message that version 11.5.6.606 of Adobe's Shockwave for Director was the most current, while the same page loaded into Opera and Safari indicated we should update to version 11.5.7.609. Mozilla, it would seem, is no better than the rest of us at us at navigating Adobe's confusing road to patch Nirvana.

Still, kinks such as that one will probably be straightened out soon enough. More important is that Mozilla is stepping up and offering sensible protections designed to lower the number of people running insecure apps. Which makes you wonder why a service like this wasn't offered long ago. ®

Update

As of Wednesday morning, Mozilla's plugin check for Firefox now detects Shockwave version 11.5.6.606 as out of date. But the overall thrust of our comment - that the service delivers inconsistent results depending on the browser - still holds true.

For instance, loading the page in Firefox, we get a message that QuickTime 7.6.6.0 is up to date. Loading it in Opera or Safari, QuickTime 7.6.6.0 is displayed, but it is accompanied by the text "Unable to Detect Plugin Version."

At least two Reg readers say in the comments section they are having problems as well. Again, this is a great service, but it doesn't appear to be fully functional yet.

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.