Mozilla launches plugin security check

Author: Gareth Halfacree
Published: 15th October 2009
Comments (5) Stumble
Mozilla launches plugin security check

The Plugin Check page uses a central database to see if your Firefox install is leaving itself open to attack.

The Mozilla Foundation has launched an innovative plugin checker which helps Firefox users ensure that they're not opening themselves up to security issues with the plugins that they have installed.

Launched earlier this week, the Plugin Check page checks add-ons for known vulnerable versions, along with information about any plugins which might be out of date. While the Firefox browser has long featured the ability to check for outdated add-ons, the fact that plugins - often used for media playback within the browser - are provided directly from a third party and not through the Mozilla website means that there has been no easy way to ensure that users are protected against vulnerabilities in a timely manner.

With various vulnerabilities in web browser plugins being exploited over the years, it's something the team over at Mozilla have clearly been concerned about. The new page is a convenient one-stop shop for finding newer versions of installed plugins, along with links for grabbing an updated version should the dust be gathering on the version you've got installed.

The page queries a central database - which developers can update themselves with information regarding outdated and vulnerable versions of their plugins - and has been developed specifically so the system could be integrated into the browser in future in a similar way to the add-on version checker tool. The team is also looking to integrate the JavaScript-based plugin detection system with Firefox's in-built crash reporting system, thus giving developers a key insight into which plugins could be causing browser crashes.

More information about the Plugin Check page is available on the Foundation's web development and security blogs, and the page itself is live now.

Do you believe that the ability to check for updated plugins is a vital requirement of a modern web browser, or is this just a nice-to-have that the team have been working on? Should the Mozilla Foundation be concentrating their efforts elsewhere? Share your thoughts over in the forums.
Quote Flibblebot 15th October 2009, 15:29
Problem is that it relies on the plugin publishers to update their own information - and since any system is only as strong as its weakest link, this is a fairly major flaw.

Forum link missing in article, btw.
Quote leexgx 15th October 2009, 16:33
reported the link missing part on main page

i think there is nothing stopping others firefox from puting there own warnings on there

http://www.bit-tech.net/news/bits/2009/10/15/mozilla-launches-plugin-security-check/1 (if not fixed)
Quote Shagbag 15th October 2009, 18:44
This is a good idea and I hope to see it rolled out across all browsers. Of course IE users will have to wait for Google to release the patch for IE.
Quote Sparrowhawk 15th October 2009, 22:13
It's a good idea. Fibblebot, the way I see it if the publishers don't update their information and problems are reported, the Open Source community might just whip up an alternative.
Quote thehippoz 15th October 2009, 22:39
protecting their product.. alot like the microsoft driver scheme
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.





Dragonage