Flash Updates in Firefox

Mike Morgan


This week, Firefox 3.6.4 was released with out-of-process plugin support. This means that when a plugin crashes, it doesn’t take the browser down with it.

But please remember: it’s still important to keep your plugins up-to-date. Out-of-date plugins can be a security risk.

In a previous blog post, I talked about the blocklist service in Firefox and its role in keeping users informed and up-to-date with regard to plugins. It looks something like this:

Step 1

As a follow-up to that post, I walked through the update process for Firefox. Here were my testing steps:

  1. Edit my blocklist.xml files and preferences to blocklist the Flash filename on each platform.
  2. Restart Firefox.
  3. Visit YouTube (or any page with Flash on it).
  4. Follow the on-screen prompts until I reach the goal: a browser running an up-to-date version of Flash.

Adobe and Mozilla both need to make this process easier for users. In summary, this is how it went:

  • Windows: 9 steps, 2 unnecessary software downloads from Adobe
  • Mac: 15 steps
  • Linux: 6 steps, high likelihood of failure or conflict with package manager

Safe to say that there are many ways we can improve this process:

  • Show specific warnings about which plugins are out of date
  • Don’t have an intermediate step on the plugin checker
  • Do not have the McAfee opt-out on the Flash download page
  • Do not force people to download the XPI (Firefox could use an external installer + hash check like it does with PFS)
  • Eliminate any steps you can — get it down to a one-click experience if possible
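
The "external installer + hash check" idea from the list above, sketched as an added example (this is not Mozilla's or Adobe's code). It assumes the update metadata delivers the expected hash as an `algorithm:hexdigest` string over a trusted channel; the function names and the sample installer bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption: the update metadata carries the hash as "algorithm:hexdigest".
ALLOWED_ALGORITHMS = {"sha256", "sha384", "sha512"}  # MD5 and SHA-1 are refused


def parse_expected_hash(spec):
    """Split 'sha256:ab12...' into (algorithm, digest bytes); reject weak or malformed input."""
    algorithm, sep, hexdigest = spec.strip().partition(":")
    algorithm = algorithm.lower()
    if not sep or algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported or missing hash algorithm")
    try:
        digest = bytes.fromhex(hexdigest)
    except ValueError:
        raise ValueError("hash is not valid hex") from None
    if len(digest) != hashlib.new(algorithm).digest_size:
        raise ValueError("hash has the wrong length for " + algorithm)
    return algorithm, digest


def verify_installer(path, spec):
    """Return True only if the file at path matches the expected hash."""
    algorithm, expected = parse_expected_hash(spec)
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        # Stream in chunks so a large installer is never held in memory at once.
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return hmac.compare_digest(h.digest(), expected)


def demo():
    """Constructed sample: a fake installer, then the same file after tampering."""
    payload = b"constructed installer bytes, not a real Flash build"
    spec = "sha256:" + hashlib.sha256(payload).hexdigest()
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(payload)
        ok = verify_installer(path, spec)
        with open(path, "ab") as f:
            f.write(b"\x00")  # simulate a corrupted or modified download
        tampered = verify_installer(path, spec)
        return ok, tampered
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The installer should only be launched when `verify_installer` returns True, and the check is only as trustworthy as the channel that delivered the expected hash.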

Protecting users from plugin crashes is a great thing, and I’m looking forward to seeing the plugin update experience become just as awesome.

6 responses

  1. Nathaniel Tucker wrote:

    Mad props for using Starcraft 2 as an example YouTube video. :D

  2. Tomer Cohen wrote:

    Google recently started to bundle Flash in their browser, which is making first-time Flash installation smoother than on Firefox, and updating it should be easy as they use the same update channel also for Flash updates.

    We need to talk with Adobe about bringing a similar user experience to Firefox. We can, for example, repack their plugin in an XPI and offer it on the first-run page, or make the plugin installer actually work and not redirect you to their download page. As we will do it and have a Flash XPI, we will be able to use the extensions update mechanism for updating Flash.

  3. morgamic wrote:

    Thanks for the comment, Tomer. One thing to note is that for people who do not have Flash installed, our plugin finder service (PFS) has the capability to use an external installer coupled with a hash check for relatively seamless Flash installation (try it!).

    I don’t know why we don’t reuse the same mechanisms for updates, but it certainly would be possible. I think we can hit something as easy as what Chrome offers, but do it a little differently in that people would opt-in and always be aware of what software is being installed, etc. — following suit with things like the extension update workflow and application updates in Firefox.

  4. LaFIe wrote:

    As a knowledgeable computer user, the way Firefox handles plugins like Flash is fine for me b/c I run the File Hippo Updater notification program. However, I have seen family members and friends oblivious to plugins like Flash and the security risk involved.

    My dad, for example, would just ignore a blocklist warning if it came up. I am especially worried about outdated Flash plugins b/c of severe security risks and b/c Adobe's updating process is horrendous. I recently migrated him to Google Chrome b/c Chrome updates everything including Flash in the background so I don’t have to worry about outdated plugins.

    I know Mozilla thinks that HTML 5 is the future and it is, but how about the long interim? Maybe integrate Flash like Chrome, but allow the user to turn it off for whatever reason? This would protect the vast majority of Firefox users, while also satisfying the tech heads who want an option.

  5. gb wrote:

    Starcraft2 and Husky rulez btw : )

  6. James wrote:

    For Windows, there is a much better way to download Flash: http://get.adobe.com/flashplayer/thankyou/?installer=Flash_Player_10.1_for_Windows_-_Other_Browsers

    It avoids the useless add-on and the McAfee opt-out. I didn’t count the number of steps, but it cuts some. I originally found that link because it was recommended on the Firefox support site, so I hope that the plugins site can switch to it too.