Following up on the Flash Detection on the What’s New page, we are developing an upgrade to the Plugin Finder Service (PFS2).
We could use your help! Please hit our testing server’s Plugin Check. We will be able to capture information about plugins and help fill-out the PFS2 database. See an issue? Look through current bugs and leave feedback in Bugzilla.
If you’re a Plugin Vendor, please put the version of your plugin into the name or description field of your plugin. For example, since they don’t expose this information, the following very popular plugins cannot have their minor versions accurately detected in Firefox with JavaScript alone:
- Adobe Acrobat
- Windows Media Player Plug-in
- RealPlayer (on Mac only, Windows exposes version information)
Some plugins don’t expose a good version number in the description, but can be detected by instantiating the plugin. We’re using Eric Gerds’ PluginDetect for this type of plugin.
On the other hand, kudos go to Microsoft’s Silverlight team for the following information: name=”Silverlight Plug-In” description=”3.0.40818.0″. That’s exactly what we need to identify when a Plugin has fallen out of date. If a vulnerability is discovered and published against 3.0.40818.0, we can alert the user to pick up the newest version.
It’s very fast and easy for us to detect your release version, when the proper information is provided by the plugin. Doing so is a win for you and your users. We’ll be encouraging Firefox users to keep their plugins updated to the latest and greatest. This means better distribution and lower support costs for you. We’re contacting many vendors right now to make this happen.
Firefox 3.6 is going to be adding enhancements to the way Plugin information is exposed to JavaScript. We’re looking forward to how this will simplify this task.
Interested in the code under development? Check out PFS2 server, PFS2 client and of course Mozilla.com where it will eventually live.
Update 10/3 @12:50 PDT: Thanks to everyone who has filed bugs! Additionally, here is the list of Plugin states, copy, and links. This is going to change, based on your feedback, but I think it will help the discussion.
Status | Copy | Button | Link |
---|---|---|---|
Unknown Plugin | N/A we don’t display anything | N/A | N/A |
Current | You’re Safe | Learn More | Vendor URL |
Old or Unknown Release | Potentially Vulnerable | Update | Vendor URL |
Old with Known Exploit | Update Now | Vulnerable | Vendor URL |
Current with Known Exploit | Vulnerable No Fix | Disable Now | #disable-now |
I think the consensus is that the copy for Current and Old send the wrong message.
Arc wrote on :
Jesse Ruderman wrote on :
rich wrote on :
Michael Lefevre wrote on :
alanjstr wrote on :
Wil Clouser wrote on :
Dan wrote on :
pd wrote on :
fsync wrote on :
pd wrote on :
morgamic wrote on :
morgamic wrote on :
morgamic wrote on :
Justin Dolske wrote on :
Justin Dolske wrote on :
jmdesp wrote on :
David Illsley wrote on :
Ken Saunders wrote on :
Nickolay Ponomarev wrote on :
ozten wrote on :
B.J. Herbison wrote on :
Gen Kanai wrote on :
Kurt (supernova_00) wrote on :
ozten wrote on :
James John Malcolm wrote on :
Justin Dolske wrote on :
ozten wrote on :
Dan wrote on :
ozten wrote on :
Fabian wrote on :
crashx wrote on :
Shaun wrote on :
J. Couprie wrote on :