Feeds

Mozilla detects insecure plugins for IE, Chrome, Safari

Protection beyond Firefox

Protecting against web application threats using SSL

Updated Mozilla has introduced a service that checks plugins for the Internet Explorer, Chrome, Opera, and Safari browsers to make sure they don't contain known bugs or security vulnerabilities.

The page builds off a feature rolled out last year that checked only for out-of-date plugins for Firefox. At the moment, the service offers limited coverage for Internet Explorer extensions, but Mozilla says it plans to offer full coverage eventually.

"We believe that plugin safety is an issue for the web as a whole, so while our initial efforts focused on building a page that would work for Firefox users, the team has since expanded plugin check coverage to work with Safari 4, Chrome 4, and Opera 10.5," Johnathan Nightingale, Mozilla's Director of Firefox Development, writes here.

The check is designed to gently nag people who are using out-of-date versions of Adobe Flash, Oracle's Java Virtual Machine, and many other types of software that work closely with standard web browsers. Indeed, in the weeks after Mozilla introduced a page that checked for for Flash, it caught more than half of Firefox installations running an insecure version Adobe's web animation software.

That figure has improved slightly since then, with "over 60% of the users we see on the plugin check" running the most recent version of Flash, Nightingale says. Older versions of Flash are regularly exploited in malware drive-by attacks, so it's still problematic that such a high percentage of users leave themselves vulnerable. But the proportion of up-to-date Flash installations for Firefox is better than figures Mozilla cited for the web as a whole.

In quick tests we ran on the service, we noticed a small discrepancy: While loading the page in Firefox, we received a message that version 11.5.6.606 of Adobe's Shockwave for Director was the most current, while the same page loaded into Opera and Safari indicated we should update to version 11.5.7.609. Mozilla, it would seem, is no better than the rest of us at us at navigating Adobe's confusing road to patch Nirvana.

Still, kinks such as that one will probably be straightened out soon enough. More important is that Mozilla is stepping up and offering sensible protections designed to lower the number of people running insecure apps. Which makes you wonder why a service like this wasn't offered long ago. ®

Update

As of Wednesday morning, Mozilla's plugin check for Firefox now detects Shockwave version 11.5.6.606 as out of date. But the overall thrust of our comment - that the service delivers inconsistent results depending on the browser - still holds true.

For instance, loading the page in Firefox, we get a message that QuickTime 7.6.6.0 is up to date. Loading it in Opera or Safari, QuickTime 7.6.6.0 is displayed, but it is accompanied by the text "Unable to Detect Plugin Version."

At least two Reg readers say in the comments section they are having problems as well. Again, this is a great service, but it doesn't appear to be fully functional yet.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.