Prompting our users to update their plugins

Jorge Villalobos

139 responses

Firefox users who have outdated versions of the most popular plugins will soon see a notification urging them to update when they visit a web page that uses them. Old versions of Silverlight, Adobe Reader and Adobe Flash on Windows are covered by this.

While you are free to ignore the warnings and continue using your old plugins, we strongly recommend that you go to our Plugin Check page and update them as soon as possible. Old plugin versions can cause stability problems and are potentially insecure. Keeping them up to date will ensure that you have a great Firefox experience.

139 responses

  1. Pavel Cvrček wrote on :

    How such warning will look like? Any screenshot?

    1. Jorge Villalobos wrote on :

      It shows above the content as a little notification bar that indicates you should update. It has a button that lead to the plugin check page. I don’t have any screenshots handy, sorry.

    2. rctgamer3 wrote on :

      As a theme developer, I need to be able to test these new notifications. What’s the quickest way to test these? Do I need to downgrade to a vulnerable plugin (temporarily), or can I trigger these notifications (manually) somehow?

      1. Jorge Villalobos wrote on :

        You need to downgrade to an old version of a plugin. You can find the blocked version ranges on this page (see the entries for October 5th).

  2. Ferdinand wrote on :

    Can’t you help the user with updating plugins like Chrome does? Even for a nerd it is a 30min to 2 hour process to update silverlight, java, flash etc. Those are hundreds of MB and take a long time to install on a HD. A lot of plugins also install spyware and infect every browser on the system with crap(especially java) Please try to do this in the background for users.

    1. Ken Saunders wrote on :

      Man o man, Christmas early!
      I’ve waited a long time for this.
      I would really like to be notified about the outdated plugins even before visiting a page that uses one.
      It should be possible since Firefox will be scanned anyway and checked.
      Jorge, please write an add-on to do that. 🙂

    2. Jorge Villalobos wrote on :

      Yes, updating plugins automatically is definitely something we have in mind, but I couldn’t give you any idea of when we would actually get to doing that. There is other work in the add-ons manager that is much more important, and even that will take a while.

      1. Simon Phillips wrote on :

        i think ken was being sarcastic. because we don’t want to be bothered with annoying messages that try to force us to update flash…. flash 11 is complete garbage programming.. it may be good for most but some of us are still using older (2005) systems that have plenty power and yet this new flash 11 has extra code that breaks it on a 32 bit single core x86 2.2 GHz CPU. until i know from other users experience that this code has been properly de-bloated and optimized i’ll stick with outdated software… not everyone has $100’s of $$$ to blow on updating their PC

    3. rctgamer3 wrote on :

      @Ferdinand: Try Ninite. It generates a setup for the programs available on their website. Whenever my plugins (such as Flash, Java, Java x64, Silverlight) are outdated, I just run the executable again, and updates them automatically. It also skips the stupid OpenCandy junk included in some setups, chooses the right build (x32 /x64) and much more.
      http://ninite.com

      An auto-update feature for these plugins would be awesome though, especially for people who don’t regularly (check for) updates and are using vulnerable plugin versions.

  3. Bryan Quigley wrote on :

    I think it’s better for the Internet (and more secure for the users) to encourage people to uninstall plugins they might not use. Is there anyway to see if they have actually used Silverlight before you decide they need it upgraded? Obviously, this doesn’t work where if it’s being checked on pages that require it, but maybe somewhere else.

    It does seem pushing for an end to plugins is more in line with the Mozilla Manifesto.

    1. Ferdinand wrote on :

      That is a nice goal for 2017 but we need solutions in 2012-2013.

    2. Jorge Villalobos wrote on :

      In this case, users won’t see any messages or warnings unless they visit a page with the affected plugins.

  4. D. J. wrote on :

    The descriptions you’ve provided here (found after 3 hours of searching) do not fully match what is happening on my computer. Firefox is automatically going to the Plugin Update Checker without permission from me. It is nagging every time I turn on the computer. It took an entire day to update Flash Player (and the Flash Player update is multiplying in the Task Manager). The Adobe Reader X failed to function in several other programs that use the PDF Reader. Mozilla has intruded into my computer, changed my configuration preferences without my permission, and wasted way too much of my time while playing at BabySitter. [Does Mozilla work for the current administration??] Unless this Update checker gets turned off, I will have no choice but to find a replacement for Firefox. I just cannot afford the time costs associated with software that dictates to people.

    1. Jorge Villalobos wrote on :

      Which version of Firefox and what operating system are you using? The block shouldn’t take you to the plugin check page automatically. You’re the first one to report this, but there was some exceptionally high traffic on our plugin check that could be attributed to it. Can you give us more details?

      1. David Berrien wrote on :

        I’d like the ability to control how often the Plugin Check page automagically opens when I start Firefox. It’s annoying, because it doesn’t recognize many of my plugins, and some of them are “out of date” on purpose. For instance, I use Acrobat Professional 6.0, and for financial reasons, don’t wish to upgrade to Acrobat Pro X, so I’d kindly like Firefox to stop nagging me about it. I don’t want Reader, because it doesn’t play nice with Acrobat. I had to reinstall Acrobat and Reader several times, trying to get them to co-operate (Thanks, Adobe) and finally uninstalled Reader altogether. I now use Foxit Reader with Firefox, but because Acrobat 6 is still installed, Firefox is nagging I have several plugins added by National Instruments LabVIEW (data acquisition software) that Firefox and Mozilla don’t know what to do with. Can I please just ask Firefox to kindly stop bothering me with this stuff? Let me know. I already figured out how to stop the Infobar nag. This is the Plugin Check Page opening far too often. I want to manage this on MY schedule, thanks.

        1. Jorge Villalobos wrote on :

          Another commenter mentioned the same problem of the plugin check page being opened on its own. Can you please give us more details about your system? Which Firefox version to you have installed? What operating system? When is the page opened?

          1. David Berrien wrote on :

            Firefox 16.0.1
            Windows XP, SP3, fully patched

            The Plugin check page opens whenever I start a new session of Firefox, probably because I have several “outdated plugins”, as I explained earlier.

            I had a look at Gianni’s suggestion below, and I’ve edited the scan for Acrobat. I do want to keep Flash updated, but it’s not very convenient to do for Firefox, at least in my experience. The problem is that I have to go through the process of unchecking the McAfee download, download the installer, find it, run it and then watch it take me to the IE Flash page… I have to keep IE as my default browser, due to corporate policy. I use Firefox, which is allowed… It’s not always convenient to update these things in the middle of work. I really want the option to stop the damn Plugin Check page from popping up every time some vendor updates their plugin. I actually use NoScript and AdBlock Plus to keep out of trouble, and I only allow the plugins to run on page I trust. I’d like the Plugin Check page to be less in my face all the time, nagging. I’m a big boy, and I eat my vegetables, and I am careful about what runs on my PC. I have to admit, I don’t know exactly what to suggest as a general solution, but if I have to keep looking at that smirking raccoon one more time, I will start losing my hair… How would it be if whenever I attempt to actually “USE” a particular plugin, a message pops up saying “The “such and such” plugin is out of date, are you sure you want to allow it to run?” and give options like Cancel – Don’t allow plugin to run, update plugin now, Allow Plugin to run – proceed at your own risk, with appropriate warning, or perhaps a link to additional information regarding the nature of the vulnerability.

            The entire Plugin Check screen should be available, but with various *controllable* levels of nagging / handholding, like Windows Update. I hate to suggest that Microsoft might have a good idea now and then, but allowing people to manage their own update process *IS* courteous and polite. What I don’t want is to wait for Firefox to scan ALL my plugins every time I start a new session and remind me that I still haven’t updated Acrobat yet… And that damn raccoon… yecch…

          2. David Berrien wrote on :

            I just started a new session of Firefox without seeing the raccoon!!!! I only edited the Acrobat scan (set it to 7.0). My Flash and QuickTime plugins are still out of date, and when I get a convenient chance I will update them, but they are both manual installs, so it may be a while before I actually get around to doing it.

          3. David Berrien wrote on :

            Spoke too soon. I just opened a new session and there he is again… It doesn’t open the Plugin Check page for every new session, but this is the fourth session today, and it’s back. I’m tempted to disable the scan entirely if I can’t control it.

          4. Jorge Villalobos wrote on :

            I filed bug 802189 to look into this. Thank you for the details.

        2. Gianni wrote on :

          Have you tried disabling the plug-ins to see if it still complains about them? If you can’t disable them because you need them and can’t use an alternative you can actually turn off the version check (instructions here: http://kb.mozillazine.org/Plugin_scanning ) but do that at your own risk.

          1. David Berrien wrote on :

            Thanks for the great tips, Gianni. I’m trying the edit for Acrobat now.

          2. David Berrien wrote on :

            I’ve set Acrobat and QuickTime minimum versions to 20. I don’t like taking a baseball bat to a feature that is well intentioned and potentially very useful, but it’s not flexible enough and it’s not polite, so …whack… (Take that, you obese raccoon!)

            Thanks for the tip on how to control these things, Gianni

        3. Grant wrote on :

          I guess it started about a little over a week ago. Every time I started Firefox or reopened a closed tab, there were other conditions, the plug-in checker nag tab would appear. The nag tab said that Flash was out of date and that Firefox disabled Java.

          I’ve had slightly old versions of Flash before, but never was I nagged so much about it and in this annoying manor. So, in spite of Adobe, I updated Flash. However, I don’t have and never had, Java installed, so there is no way to stop Firefox’s plug-in checker from annoyingly opening the nag tab. Going into the Firefox configuration and un-ticking the check box for automatic add-ons check didn’t stop Firefox’s nag tab, either.

          My solution was to go into “about:config” and search for “plugin.scan” and raise the version of the SunJRE entry to 20 since there is no way to delete it. At this time that has finally stopped Firefox’s nag tab.

          For reference, all computers running Firefox v3.6.26 (due to work add-on). Happens with both Windows 7 (64-bit) and Windows XP (32-bit). Nag tab appeared as soon as Firefox opened Google main (home)page.

        4. Grant wrote on :

          I guess it started about a little over a week ago. Every time I started Firefox or reopened a closed tab, there were other conditions, the plug-in checker nag tab would appear. The nag tab said that Flash was out of date and that Firefox disabled Java.

          I’ve had slightly old versions of Flash before, but never was I nagged so much about it and in this annoying manor. So, in spite of Adobe, I updated Flash. However, I don’t have and never had, Java installed, so there is no way to stop Firefox’s plug-in checker from annoyingly opening the nag tab. Going into the Firefox configuration and un-ticking the check box for automatic add-ons check didn’t stop Firefox’s nag tab, either.

          My solution was to go into “about:config” and search for “plugin.scan” and raise the version of the SunJRE entry to 20 since there is no way to delete it. At this time that has finally stopped Firefox’s nag tab.

          For reference, all computers running Firefox v3.6.26 (due to work add-on). Happens with both Windows 7 (64-bit) and Windows XP (32-bit). Nag tab appeared as soon as Firefox opened Google main (home)page.

    2. Gianni wrote on :

      “It took an entire day to update Flash Player”
      What? Was your computer cursed by gypsies or assembled above an indian cemetery? I have updated flash on hundreds of computers without issues and it takes seconds; they even offer an official uninstaller now in case you can’t remove the previous version if its installer or settings got corrupt.

      “I just cannot afford the time costs associated with software that dictates to people.”
      Bad, bad Mozilla for trying to save you from outdated vulnerable plugins that can let any random page infect your computer. I’m sure you’d be the first to immediately point the finger at Firefox when getting infected through one of those centuries-old plugins though… right?

      If Mozilla had to start becoming a little aggressive in pushing for updates it’s because most users don’t understand how important it is. Did you know that Chrome does exactly the same (blocks outdated plugins) and that Microsoft regularly releases updates to turn off outdated active-x components (the active-x kill-bits updates) and now automatically updates flash on Windows 8?

      “I just cannot afford the time costs associated with software that dictates to people.”
      That feature will keep millions of users safe and will prevent many of them from being infected by drive-by malware; if you don’t like that please use Pale Moon (based on Firefox), K-Meleon, Maxthon or other browsers, don’t expect them to scrap it just because you have some messy operating system installs or some obscure, outdated programs.

      1. David Berrien wrote on :

        I can second the vote for Flash updates being problematic for some installations. I have a computer at home, running Vista Home Premium with 8 users, and the last time I attempted to update Flash on that PC, it was a nightmare of bizarre behaviors and unexpected failures. It’s still not working correctly, and my kids are complaining they can’t watch YouTube without waiting (sometimes several minutes) for the browser to allow things to work. I don’t know if it’s Flash, Firefox, or IE, but all I can tell you is it’s way too much work…

        I understand the motivation, but the Plugin Check page, at least on my work PC, (see above) is way too un-polite. Again, It’s risky to suggest to Mozilla folks that Microsoft may have had a good idea, but with all the criticism Windows has faced regarding security-related issues, they still chose to allow Windows Update to be completely disabled, although they do not recommend it (which is just sensible). And just in passing, my Windows Update is set to “Inform me of available updates, but let me decide when to install them”.

        1. Francis wrote on :

          Use the Flash Player Uninstaller (google for it, you’ll find the download page on Adobe website) and then install the latest version of Flash still from Adobe website. That usually solves every issue you can have with Adobe Flash.

          1. David Berrien wrote on :

            Except the fact there are two different versions, one for Firefox, and one for IE. I guess I’m the problem by stubbornly requiring both versions to be available and working… Which one do I uninstall first?
            When I install the Firefox version, it opens IE to go to the Flash check page… (IE is the system’s default browser, and no, I don’t want to change it. Sorry if that offends your sensibilities. Seriously, why should the browser care if there’s another browser on the system? Can’t I have two or three? Why should the updates not work if Firefox is not #1?)
            Vista doesn’t make the problem any easier to solve, either. That’s a whole ‘nother rant…
            I’m sick of draconian update schemes, as if that solves anything. I’ve literally had 2 virus infections in my entire Internet computing history (online since 1996), and both times, it was when “I” did something stupid…

          2. Francis wrote on :

            What do you mean with which version you uninstall first? When you use the Adobe Flash uninstaller it removes both the active-x and the plug-in (remember to close all browsers first).

            After you have used the uninstaller you can install the activex/plugin in any order you want. I don’t understand why has re-installing flash become such a drama, it shouldn’t take more than one minute.

  5. Gianni wrote on :

    Could we please have an option, even if just hidden in the about:config page, to block the vulnerable plugins without the prompting (with a message like “You must update this plugin before being able to view this content”)? With that option we could be able to set up Firefox to be completely safe against third-party plugins exploit when we set it up for not tech-savvy users that would just ignore the prompts rather than completing the updates first. I already stop downloads for those users (with publicfox) but drive-by malware installs have become the bane of my existence and turning all plugins off is way too excessive to solve the problem.

  6. Clark Mankin, Ph.D. wrote on :

    The seemingly endless onrush of “update” downloads has now brought us to the point that Firefox (Mozilla) will **prompt** us –>until we cave in and comply. Here’s what I think about that: “If it ain’t broke, please don’t fix it!”

    It would be entirely fair to say that 100% of the time I have wasted sorting through various difficulties related to PC operating system operations and application software operations has been the **direct result** of what I can only characterize as unwelcome and unwarranted “computer tampering” which is, as you may know, a violation of Title 18 U.S.C.A..

    What do I mean by “computer tampering?” When Microsoft, for example, or Mozilla, for example “prompt” me [when reading the word “prompt” one should pronounce that as “harass”] to permit (a) **unsolicited** (b) typically **unwarranted,** and, (c) from my perspective at least, ** needless** meddlesome annoyances to be installed even though I have repeatedly expressed my desire *not* to be disturbed with “updates” that I have not **specifically requested** , it seems to me very fair to characterize these so-called “updates” as nothing more than “Computer Tampering.”

    My system works quite well enough for every purpose I have or contemplate ever having for a home computer. I see absolutely no reason at all to disturb a fine tuned system merely because someone has determined that he does not like my choice of add ons. If Adobe Acrobat Reader cannot be used without an update every 10 days, I do *not* need to have it. Sumatra PDF does everything Adobe Reader does, plus it also creates PDF. It does not “prompt” me for “vital *security* [ha!] “updates” either. Exactly whose “security” are they worried about, mine or perhaps someone else’s?

    My browser works just fine; thank you very much for showing such gracious concern for my digital well being. Now, would you all please **get a life** and stop bothering me with updates I have not requested. I *like* the add ons I have and if I cannot use them with Firefox 17 then, quite frankly, I’ll be damned if I’ll use it.

    Having my own choices –> most particularly and especially, having a *feature rich user interface that gives me fine grained control over ****EVERY**** setting means lots more to me than having the latest “undated” browser version. I do not believe I will ever allow a newer version of Firefox to run on my equipment. That’s right, *my* equipment, not yours. It’s mine and I’ll jolly well run it *my way* whether you care for it or not. Keep the updates on a web site where I can look for and download one **if** it seems to me that I need one. Thank you very much for reading.

    1. D. J. wrote on :

      Thank you Dr. Mankin, you’ve expressed my interpretation of this incident clearly. Mozilla did not ask permission to gather data from our computers. Nor did they ask permission to install new software code that changed the way our computers operate. They overrode the explicit configurations set by the computer owners. Took information from the computers without consent. They’ve embedded software into the computers that had effects on the performance of the computers. All of this was done in secret without any knowledge or control by the owner of the computer.

      The nagging has now ended (I hope), but I still experience strange behavior from my previously stable and predictable version of Firefox. I intentionally stopped updating Firefox at 3.6.27 because I didn’t want the changes that were being implemented. Now I have a version of Firefox on my computer that I did not authorize, did not want, and have no means at my disposal to revert to the authorized version. Mozilla has destroyed my trust in their products. They hacked our computers. How can we possibly trust them again?

  7. Rob wrote on :

    I hope you’ll find a way to reliably detect what is “old” and “new”, and what is “current” and “outdated”.
    It has traditionally been very difficult to do “less than” comparisons on version numbers, especially in a world where version numbers are often determined by marketing, and are changed in structure all the time.
    A simple strcmp is not going to cut it, and a regexp compare is even more tricky.
    Furthermore, some plugin suppliers release new versions without announcing them, and you may find plugin versions on client systems that are newer than the ones you know of.
    We don’t want them to be stamped “outdated” just because it is difficult to determine if they are newer or older.

  8. Robert wrote on :

    I’m with DJ. I’m running 3.6.24 on Vista and a few weeks ago, Firefox started loading the plugin checker page. The string “plugins.update.notifyUser” is setting itself to true apparently at random. I changed “plugins.update.url” to nothing so the checker page doesn’t come up but I still have to close the tab. Numerous searches on a fix have come up with nothing. I won’t change browser but it is irritating not being able to fix it. What triggered this to start with?

    1. Brumman wrote on :

      I second Roberts comment. I’ve wasted hours on this bloody issue! I too have set ‘plugins.update.url’ to nothing and so now get the blank tab every time I start FF. When is Mozilla going to produce a fix?! I am using Win7 but also have Ubuntu on another drive – there FF works perfectly without these problems – but maybe that’s because Ubuntu updates constantly without permission – not sure which is worse!

  9. Brian wrote on :

    Is there any way to disable this behavior? I bought Acrobat years ago, and use the purchased full version with all updates applied. I’m not going to pay to upgrade Acrobat/Creative Suite, and I don’t think I should have to install Reader when I paid for the full version.

  10. Aleah wrote on :

    I recently updated my flash on Firefox 16.0.1 (previously I had a version of 15, which I also had this problem with) and now pages that require flash to do not work. I am promoted to install the latest version of flash (11.4.402.287), which I am able to do successfully (the most current version of flash shows up in my list of installed programs), but even after a reboot of my computer when I go again to websites that require flash it again prompts me to download the same version of Flash player I currently have. I also checked in plugin’s and Flash isn’t even listed. The only ones that are listed are Shockwave. Any help would be much appreciated!

  11. Bill wrote on :

    Please, dear God, allow me to disable the nagging reminder to update my plug-ins.

    Tried Tools>Options>Advanced etc and about:config blah blah plugins.hide_infobar_for_outdated_plugin.

    And your unwanted and uneeded whimsical cartoon racoon: echoes of unwanted and uneeded whimsical cartoon paper-clips! Not all your users are under 12 years of age.

    What has happened to Firefox? You used to be lightweight and respectful of your users? Are we all condemned to change browsers every few years as light and agile turns to nagging, we-know-best bloatware?

    1. aleks wrote on :

      use old browser like
      – firefox 3.6.28 or
      – k-meleon
      under sandboxie control to prevent virus infection

      and for html5 features use portable chromium or current firefox, cleaning profile every time you launch it

    2. David Berrien wrote on :

      +10

  12. goggles nusbaum wrote on :

    Your browser is stinky poo poo. Your company is predatory.

  13. Thomas wrote on :

    Go to “about:config” and set plugins.update.notifyUser to ‘false’ and remove the URL from plugins.update.url . This did it for me (version 3.6.17)

  14. Lukas wrote on :

    I run an older version of flash player, simply because the new one doesn’t work properly, so because of this, I’m going to be seeing this prompt constantly? Yeah, no, downgrading/switching browser, whatever, I won’t use flash player 11 and it’s constant crashing and general wonkiness, and I won’t be nagged constantly.

  15. David Berrien wrote on :

    I give up. Too annoying. The version number hacks don’t work. I have set version numbers all the way up to 20.0.0, and still get the plugin check page 4 to 10 times a day. I’m disabling all the plugin checks, adding the “plugin.scan.4xPluginFolder = False” and setting the url of the plugin check page to null. I’ll not be updating Firefox until this situation is corrected. If that means disabling Firefox Update, I’ll find out how to do that, too. If there appears to be no interest of Mozilla’s part to change their attitude, I’ll be using another browser.

  16. A.L.G wrote on :

    I have similar feelings to those expressed above and similar reasons for not wishing to update some plugins.
    I would just like the ability to “opt out” of this opening of the plugincheck page on every program start.
    I always use a restored session and am quite happy to have most plugins disabled.
    I have wasted enough time already on trying to stop this unwanted behaviour and feel it to be a poorly implemented “feature” if their is no ability to turn it off.
    I have no objection to outdated plugins being disabled or hampered when called, but I do not need to be nagged every time I open the browser. It really is insulting. I have uninstalled plenty of nagware over the years and this is headed in that direction.

  17. Danny Thomas wrote on :

    1. I read the message saying that the Adobe Reader is out of date…

    2. I go through all the process, until the installer program reports that the newest version has been succesfully installed.

    3. The browser continues to show the same message, indicating that the Adobe Reader plugin is out of date…

    4. I go through the same process a second time…

    5. No change, Firefox continues to show the same warning just the same… WTF?

  18. Julia wrote on :

    I’d like to add my voice to those calling for way to toggle off the plug-in check page. I am at a workplace where all updates are pushed out en masse and there is NO way for me to install software, much less to tweak my plug-ins as I would like. Since Firefox is not a supported browser, I have the choice of what I’ve got… or no Firefox at all.

    1. Neal wrote on :

      I have discovered how to avoid this ANNOYING Plug-in Check problem, and it works very well… and that is to SWITCH TO OPERA. Firefox is a good browser, but they have blown it with this “Plug-in Check” thing. This is about as annoying as you can get. Why can’t this be done as a background process and not in front of the user? From what I’ve seen, this problem has been going on since 2011. I have given up, and now use Opera. With a little fine tuning, Opera works well.

  19. Anonymous wrote on :

    I want this to work on Linux too.

    1. Brumman wrote on :

      well afaik it does. I use ubuntu and FF works without the nag or plugin problems.

  20. Paul wrote on :

    I received the update notification for Firefox 17 today and of course, immediately looked at the list of fixes to see if you’ve finally fixed the problem with the Adobe Flash add-on crashing in your browser which is why I’m using Flash 10.3 which is no issue on the security front for me. To my utter surprise I found that not only is there no fix yet, or at least mentioned, but now your browser is going to start prodding me to update! That won’t be happening as I nearly went nuts getting the two to work together. SO no, I won’t be updating Firefox until I see the fix for Adobe’s Flash plug-in has happened. The very thing that increases the security of Flash is the thing that conflicts with Firefox and neither you nor Adobe seem to be able to fix it. Or, quite honestly, I feel both of you have higher priorities or it would have been fixed long ago.

  21. Harvy wrote on :

    Our organisation uses Firefox for intranet access to in-house developed website. We use Adobe Reader 8 for which we had some special code created to allow for a one-shot editing capability of downloaded pdf files. This functionality is only available in Reader 8, so we don’t have the option to upgrade to latest versions of Reader, nor do we see any need to do this, as there is no security risk involved.
    So how can I turn off this annoying “click to run” thing which has just started to rear its ugly head…. my people don’t need to update reader – and they don’t need to have this msg evey time they open a pdf file.

    Cheers
    Harvy

    1. Jorge Villalobos wrote on :

      In order to do that, you would need to change the blocklist in your organization. You can set the preference “extensions.blocklist.enabled” to false, and then edit blocklist.xml in your profile to remove the blocklist item that corresponds to Adobe Reader (blockID=”p156″ or blockID=”p158″, not sure). In order to remain safe, though, I recommend that you reload and re-edit the blocklist file regularly, so you get the latest updates.

  22. Old School wrote on :

    “While you are free to ignore the warnings and continue using your old plugins, we strongly recommend that you go to our Plugin Check page and update them as soon as possible.” Plugin Check said I have “Shockwave Flash 11.5.502.135” I actually have Adobe Flash Player 11.5.502.135.
    IMHO Adobe should correct the title. This flaw has become a topic of conversation at the following respected security blog: http://krebsonsecurity.com/2012/12/shocking-delay-in-fixing-adobe-shockwave-bug/

  23. Marg wrote on :

    My new mail program wasn’t working well with IE9, so I was advised to use Firefox, which I downloaded. I started to get Norton popups saying mupdates_new.exe was not safe and had been removed. I was told this was something to do with Firefox/Mozilla. I removed all Mozilla files, but the popup still keeps on popping up. Does anyone know anything about this and how to get rid of it. The file info leads to a site Marketpingloui.com.

    1. Old School wrote on :

      You have a virus. See http://safeweb.norton.com/report/show?url=marketpingloui.com for a start.

  24. John Johnson wrote on :

    I rarely keep adobe updated. They just update way too much. Now Firefox tells me I have to update it if I want to open a PDF document in firefox. However most webpages don’t allow direct download of some files. The only option is to open the file and then save it. However now I’ve got firefox warning me about adobe being out of date and I have to sit around updating software rather than accessing files I needed.

    The point I’m trying to get to, Please augment the .pdf adobe warning to allow me to download the pdf file.

  25. IanR wrote on :

    IMHO, update popups are almost aways a very bad idea. Some plugins do have vulns, but the risk of social enginering generally far outweighs such concerns. Take the user who does a little casual browsing in lunch break, and hits:

    TO VIEW THE EXCITING VIDEOS ON PR8N.COM YOU MUST UPDATE YOUR FLASH PLAYER!!!
    CLICK **HERE** TO DOWNLOAD DIRECT FROM ADO8E.COM !!!!

    If on Win7, Screen grays: Warning, you must elevate this process to install the software: Yes (after all it’s from ‘Adobe’ …isn’t it? )

    Er, no it isn’t. Congratulations. Malware installed.

    If the user had been warned NOT to trust ANY such popups, and to not click any areas of the popup (because buttons may be deliberately mislabelled) but to close the browser instead, the attack would not have succeeded.

  26. Mark wrote on :

    I agree- I bough Adobe Acrobat, and cannot afford to buy new versions twice a year. And I also cannot afford to have Firefox destroy my browsing functionality. If my computer explodes because I am using a six month old, but fully updated version of Acrobat, that is NONE of Firefox’s business.

    Stop nannying us. I am a computer expert, and do not need your help.

  27. Mark Y wrote on :

    Firefox 17.0.1 W7 Pro 64 bit
    I have been having severe stability problems with your browser ever since I upgraded Acrobat Reader from 9.5 to 11. I have downgraded since then to V10 but was still having the same problems. So now I have uninstalled V10 and gone back to V9.5, and lo and behold no stability problems any more, however suffering the message “This plugin is vulnerable and should be updated” EVERY time I try to view a pdf. Is there any way of turning this off? I don’t want to upgrade and re-introduce the instability again (Browser crashes and even bluescreens)

    1. Jorge Villalobos wrote on :

      Were your problems at all related to what’s mentioned on this bug report? If so, it’d be very valuable for you to comment in it and mention that you’re not on Mac OS, because we currently believe these problems only happen on that system.

      As for removing the warning for old versions, unfortunately there isn’t anything you can do that wouldn’t put you in a significant security risk.

      1. Mark Y wrote on :

        Sorry Jorge, all problems on Windows 7 Pro 64 bit. PDFs would open OK in Acrobat 10 & 11 so doesn’t appear to be related. Stability problem appeared to stem from the AdobeARM service introduced with Acrobat 10 – AdobeARM always seemed to show up in crash logs even though I had set it to manual start only and not even viewing PDFs. I would be navigating around simple links to other pages – Browser crashed 4 times this evening within 10 minutes until I reverted to V9.5. (Also had 2 bluescreens this evening as well)

        So no chance of me upgrading my PDF viewer ever again, unless there is some way of not adding AdobeARM service. I would rather face the security risk than suffer the instability. Its the lesser of two evils.

      2. DanS wrote on :

        Have had the same problem with Adobe Reader – using the latest version of Adobe Reader and the latest version of Firefox, I can open and read pdf files, but when I try to save or print them there is an error message, and clearing the error message closes firefox and reader.

        After some research, I removed all Adobe files from my computer and then downloaded Adobe 9.5 and everything works the way it should, now.

        There is a bug somewhere and the old version is stable and the new version is not.

        The only problem now is that EVERY time I load a pdf file in Firefox I get a largely blank screen with a brief note asking me to update to the latest version. There is an option to override, but the override works only for that click. Load another pdf and you have to do it again.

        We should not be forced to update, and there must be a way to override these constant reminders.

  28. mark wrote on :

    Turn that fucking junk off!

    1. jan wrote on :

      Same here. I’m looking for hours to find a solution already. Tried everything. PLEASE TOP TREATING CUSTOMERS LIKE MORONS AND LEAVE RESPONSIBILITY WHERE IT SHOULD BE.

      I’m running Firefox in an VMware player and know how to prevent viruses. If this is not solved in two days I’m back to IE.

      So…. no automatic updates, no hidden spyware, no adds, no backdoor checks. I’m fed up with this new way of software offerings.

  29. Ben wrote on :

    This “update” continues to be the largest piece of S**t that Mozilla has forced upon it’s users. Our company paid for and uses Acrobat 8.0 professional, because we do A LOT of document production, and are SICK AND TIRED of constantly being bugged by Firefox that “this plug-in is vulnerable” each time we try to open a PDF document within a webpage using FireFox.

    Acrobat 8.0 is a stable, lean, PAID FOR piece of software that all of our users have been trained on. We are not going to pay to update it because Mozilla feels we’re risky.

    No, I’m not going to install Reader XI just satisfy some programer’s big brother complex of protecting me – part of owning Acrobat is being able to OPEN, EDIT and SAVE PDF’s within the same program. Not having to close and then “open with” each time.

    Fix the nagging block screens that we get each time we open a PDF within Firefox…
    Are you taking notes there Villalobos?

    1. Jorge Villalobos wrote on :

      At a company level, you can either keep a custom version of the blocklist, or disable it altogether, if you’re willing to take the risk. I would recommend that you join the Enterprise mailing list and voice your concerns over there. That’s the best place for this sort of discussion.

  30. Ilya wrote on :

    I think your idea of constantly spying on peoples’ plugins is just bad and will lead your users off.

    best of the best here, “STOP TREATING CUSTOMERS LIKE MORONS AND LEAVE RESPONSIBILITY WHERE IT SHOULD BE.” and “discovered how to avoid this ANNOYING Plug-in Check problem, and it works very well… and that is to SWITCH TO OPERA.”

    Collecting ~too~ much info on others’ plugins may lead one to the same gallows as Judas, so to say.

    1. Jorge Villalobos wrote on :

      The blocklist system doesn’t spy on you. We don’t receive any information of what you have installed. The entire blocklist is downloaded to your profile folder (blocklist.xml) and then Firefox checks if any of your installed add-ons match the ones on the list. All of this happens locally.

      1. Frank wrote on :

        “We don’t receive any information of what you have installed. The entire blocklist is downloaded to your profile folder (blocklist.xml)”

        Thanks for clarifying that! That’s good to know. I guess I could’ve done a tcpdump to check out what’s going on. I would prefer if Firefox did not make the connection to download blocklist.xml at all, since I’m not explicitly originating it. Is there a way to configure Firefox to not make that connection or do I need to block connections to mozilla.org at my perimeter?

        1. Jorge Villalobos wrote on :

          You can toggle the “extensions.blocklist.enabled” preference to false in about:config. That disables the blocklist entirely.

  31. Helmut wrote on :

    This enforced plugin check fits entirely with the line of development of Firefox/Thunderbird: Annoy the user.
    Jorge Villalobos – read your answers just in this thread: You seem to be unable to listen. You _know_ what is best for us dummies, don’t you? Thanks.
    It started with the idiotic version numbering scheme and continues – I use FF for years now. But I am very close to try another browser (except IE). And if I do that, I will probably never go back to FF, because I like my browser with _my_ choices, and as long as it works, I will not experiment. Updates – yes. Security – yes. But annoying updates which each time break _my_ look and feel, where I have to invest time to get it back how I like it – no. I am already in the ESR channel for this reason: I do not want a major version upgrade every two weeks.
    This annoying 2nd window opening is the newest try to lower your market share, obviously. If you at least would tell us how to disable it. But no. _You_ know best, don’t you?
    We idiots should really listen to you….

    1. Jorge Villalobos wrote on :

      If you want to disable the blocklist, you can. The majority of our users don’t track security or stability issues, or would understand how their systems crashed or got compromised. We favor blocks that allow users to keep control, by either manually re-enabling the add-on, or enabling it per-session or per-site, as it is the case with the new click-to-play blocks. If that’s not good enough for you, again, you can just disable the blocklist.

  32. Fred wrote on :

    For sure, this is an issue big enough for me to switch browsers.

  33. Bill wrote on :

    Jorge,

    Good intentions. Extremely bad idea. I don’t know if it’s related to your post but it seems like it because as of today when I open ff I get an annoying tab telling me to update my plugins. I’m not interested. No offense but who asked you?

  34. Frank wrote on :

    The mozilla racoon cartoon update page is as annoying as it gets. It took me several tries before I finally got Firefox to knock it off. Clearing the update page URL in about:config just made Firefox start up with two blank tabs. What finally did the trick was setting the Java JRE version number to 9.

    WHY does Firefox insist on being so goddamned patronizing? Did you even stop to consider that perhaps someone who sets “DON’T CHECK FOR UPDATES” in the normal preferences actually means it? In my case, I’ve got a client-side firewall that strips all runnable content like Java and ActiveX so it’s not even protecting me from myself – it’s just flat-out annoying.

  35. mark wrote on :

    Turn that fucking jung off. It is annoying and nothing beyond that. I am beyond Kindergarten age! And I know how to tie my shoelaces!

  36. Bob Smith wrote on :

    “If you want to disable the blocklist, you can.”

    – How?

    I toggle it to disable. You toggle it back again. Didn’t Microsoft interfere with personal settings a few years ago and the civil law was changed to prevent this. Are you breaking the law?

    ALL my plugins are up to date, yet EVERY time I open Firefox, the update tab and page appears. I cannot find any way in about:config to stop this. I’m using Firefox 3.6.28 on Win XP3.

    I’ve been using Firefox since Firebird was a chick and there has been a steady erosion of my loyalty and support over the past few years. You (plural) need to take a step back, perhaps a sabbatical, and critically view what you say and do, nowadays.

    You really sound like the corporate bullies you used to so successfully ridicule…Just tell me how to stop this and leave it to ME, on MY computer, to decide what is best for ME!

    Thanks, Bob Smith

    1. Jorge Villalobos wrote on :

      Changing “extensions.blocklist.enabled” to false should disable the blocklist permanently. I don’t know how it could be flipped back, and we’ve never done that automatically.

  37. Nick wrote on :

    have the same problem, I have updated or disabled all the plug ins and I still get the nag screen.

    Switching browser. Anyone suggets something less wifey.

  38. Conley Powell wrote on :

    I’m switching to another browser. I’m sick of Mozilla’s “We know best, so we’ll do as we please, whether you ignoramuses like it or not” attitude. By the way, Mr. Villalobos’ “fixes” don’t work, at least on my system.

  39. Tally wrote on :

    I like Firefox checking my addons and plugins for the latest version. But . . . I would prefer to disable the check for those plugins that I choose to run an older version. I prefer to use Acrobat Reader 8 because the newer versions do not fit my needs. It is my choice. The nag screen requesting permission to allow the plugin is annoying. Tell me once, fine. But let me have the option of not being reminded until at least another version is available.

    I edited the blocklist.xml file in my Firefox profile to change the version numbers being checked. I searched for “p156” and changed he minVersion to “9.5.0”. The maxVersion was “9.5.1”. This change allows me to open all my pdfs with Reader 8.

    In about:config I left “extensions.blocklist.enabled” at the default of true because I still want the other extensions checked.

    I changed “extensions.blocklist.interval” from the default of “86400” to “8640099”. Adding “99” to the end of the number of seconds changes the blocklist download from once per day to once per 100 days (plus 99 seconds). That means that a new blocklist will be downloaded every 100 days and I will have to redo the change to the xml file. Fair tradeoff for me so that the other data is updated.

    My preference would be to have an override for the blocklist.xml file, preferably at the plugin level. I may need to explore using Opera instead of FF. I like Opera on my phone, maybe it is time to check it out on my desktop.

  40. PF wrote on :

    Please stop trying to make me update my plugins this is annoying and not helpful. I already know hoe to update plugins and the ones I want updated (including Flash) are more than happy to let me know when a newer version is available and I can decide for myself whether or when to install it.

    1. Morten79 wrote on :

      I totally agree with you. I don’t like all this blocking shit all the time. I’m fully aware of the risk of using out-dated plugins but all this Click-to-Play is plan annoying. I like too manually update flash and Java and in general I’m against all this auto-update and notification stuff pop-up and shit smoking on my desktop. I always make sure to disable all kind of auto-update after updating Flash and Java. I would much more like too be mentioned of new updates on my used plug-ins with an email.
      IMO Flash and Java is the most important plug-ins too have updated on regular basis of max. 7 days after a new update is release.
      I update Adobe Reader two times a year at the most. I don’t mind using an out-dated Adobe Reader version or plug-in. IMO there should be an easy way too simply disable both extension compatibility check and the new Click-to-Play thing.
      I find it very good that after an update has been applied Firefox automatically fire up the plug-in check page that is a good minimal and non-disturbing friendly remember.

  41. P.S. Knight wrote on :

    @FIREFOX Team:

    As someone who started using Netscape back when Google was just a new nerdy search engine quasi secret Standford University project and loyal Firefox user once Netscape died, I agree with all those here who do NOT like this enforced plugins checking routing to your “Racoon” plugins update page.

    I like my browser to fire up automatically on my Win7 system and go to my chosen homepage – NOT have it overridden by a second tab to said update page. Sure, one can change the URL of the “plugins.update.url” page to which this second tab goes to, but it’s still overrides my homepage with a second tab.

    AT THE VERY LEAST you should make the about:config >extensions.update.notifyUser Preference — truly — a true/false toggle. Not as it is now: it auto-resets to “true” every new browser session.

    I didn’t have any problems with this update thing until the JAVA warning that happened about a week or so ago that everybody was talking about on the Net. A couple of days later, Firefox started forcing us to go check all plugins. Before this, I’d get that page on rare occasion and I welcomed it. But now it’s all the time, every time I fire up FF. As with others, I like to be able to have the freedom to update whatever plugins or extensions I wish at my life flow and according to my use priorities.

    Bottom Line:

    While our language styles and situations may differ, it is obvious that almost every single person who has taken the time to come here and comment on this does NOT like this forced enforcement. I understand why the less-techie or basic consumer user may need this kind of reminder, but Firefox’s appeal to many of us out there IS the ability to go under-the-hood and tweak it as we see fit. No other browser has this level of tweak-ability.

    So at the very least respect the consensus here give us the option to toggle off the notifyUser Preference as mentioned above and/or whatever else will give us the choice to update our plugins when and how we wish to do so.

    Thank you.

    ~ P.S. Knight

  42. Dany Chouinard wrote on :

    Is this going to be fixe? I run a corporate environnement and the user doesn’t have the ability to install those update. I already start to ask employee to stop working with Firefox since it increase the request for indivdual upgrade at a too high level. I mean, I can’t keep up. Adobe is always releasing those annoying crap averytime they release a new version (internet print and so) and I rather live with a vulnerable version that work fine. I’m not talking about those few week release of Java and so.

    So, the feature might be nice for grandma, but I need to get that turned off. I mean, really. The plugin has to work at once.

    At least we have a choice of browser now. Internet Explorer doesn’t sound that bad anymore.

  43. None ya wrote on :

    I don’t need this crap every time I open the browser.

  44. Martin wrote on :

    Turn that junk off! Pleeeeease!

  45. Scott wrote on :

    Ive updated the plugins multiple times as well as re-installed firefox in the past couple weeks, and yet acrobat continues to crash, which results in Videos being prompted with a security risk and pdf files on web pages come up Blank. Not good at all. I see Avt Br gaining much popularity unless this issue is fixed soon.

  46. Jim Brown wrote on :

    I updated silverlight at firefox’s request and firefox quit recognizing my installed printers any ideas or help?

  47. Jim Brown wrote on :

    I have done a complete reinstall 5 times to no avail

  48. Doug Tor wrote on :

    Sometimes (not always) when I click on a link to a pdf file I get the “This plugin is vulnerable and should be updated……” message. It does NOT tell me which plugin is vulnerable. It does NOT go to the plugin check page when I click as it tells me to. Instead when I click, the desired pdf file opens. I did manually go to the plugin check page and there were 2 plugins labeled as “vulnerable.” One was Adobe Flashplayer which I updated with no change in behavior. The other was Apple Quicktime which I also updated, again with no change in behavior. The same pdf links that gave me the vulnerable plugin message still give me the same vulnerable plugin message. I again ran the plugin check function and got a message that Quicktime needed to be updated to an even newer level than the one to which I had just updated 10 minutes before. But when I pressed the download button, it downloaded the exact same file that I had just used to update Quicktime (the previous version, I suppose). I’m pretty frustrated that the vulnerable plugin message does NOT identify the vulnerable plugin and apparently generates spurious messages. Nor does it perform the plugin check as is implied in the message. I’m also frustrated that every piece of software seems to require updating every week or so resulting in the user having to update something every day. I spend more time updating than using the software. I think SW developers should focus on getting it right the first time rather than putting out buggy, vulnerable, poorly performing software every other week.

  49. Dave Fox wrote on :

    The fact that you can’t switch this annoying warning page off is disappointing. I work for a big company. To update plugin you need to get an Administrator to come down and do it for you.
    I did this 2 weeks ago and again the Plugin page appears. Adobe do so m,any updated that I may as well have the Admin sitting next to me to sign in to keep these plugins up to date.

    In a SOP environment this is unmanageable as the user cannot update the plugins and has to put up with a 30 sec pause every time the browser opens, checks plugins and generated the plugin page. After all Adobe Flash needs an .exe file to be installed.

    FF used to be my browser of choice but sorry Modzilla I’m back to IE9 over this ridiculous development of yours. You need to listen too users and provide us with an option. It’s the users decision at the end of the day. I want to disable Plugin check unless FF will fail because of a plugin. … IE9 does not need to do this why do you?

  50. Peter Chivers wrote on :

    Whenever I load a pdf I get a screen “Plugin is vulnerable and should be updated” When I check plugins I see the message “Adobe Acrobat is known to be vulnerable and should be updated”. I’ve followed the process to update several times now but it doesn’t change anything.

    Plugins page is showing current version 10.1.2.45, the installer seems to be loading v 11. I get an installation complete message but nothing has changed.

    1. Jorge Villalobos wrote on :

      Try closing Firefox, deleting pluginreg.dat from your profile folder, and then starting again. Deleting that file is safe, so you shouldn’t worry about doing this. It can sometimes happen that this file keeps old version data and it needs to be cleaned up.

More comments:1 2