We could use your help! Please hit our testing server’s Plugin Check. We will be able to capture information about plugins and help fill-out the PFS2 database. See an issue? Look through current bugs and leave feedback in Bugzilla.
- Adobe Acrobat
- Windows Media Player Plug-in
- RealPlayer (on Mac only, Windows exposes version information)
Some plugins don’t expose a good version number in the description, but can be detected by instantiating the plugin. We’re using Eric Gerds’ PluginDetect for this type of plugin.
On the other hand, kudos go to Microsoft’s Silverlight team for the following information: name=”Silverlight Plug-In” description=”3.0.40818.0″. That’s exactly what we need to identify when a Plugin has fallen out of date. If a vulnerability is discovered and published against 3.0.40818.0, we can alert the user to pick up the newest version.
It’s very fast and easy for us to detect your release version, when the proper information is provided by the plugin. Doing so is a win for you and your users. We’ll be encouraging Firefox users to keep their plugins updated to the latest and greatest. This means better distribution and lower support costs for you. We’re contacting many vendors right now to make this happen.
Update 10/3 @12:50 PDT: Thanks to everyone who has filed bugs! Additionally, here is the list of Plugin states, copy, and links. This is going to change, based on your feedback, but I think it will help the discussion.
|Unknown Plugin||N/A we don’t display anything||N/A||N/A|
|Current||You’re Safe||Learn More||Vendor URL|
|Old or Unknown Release||Potentially Vulnerable||Update||Vendor URL|
|Old with Known Exploit||Update Now||Vulnerable||Vendor URL|
|Current with Known Exploit||Vulnerable No Fix||Disable Now||#disable-now|
I think the consensus is that the copy for Current and Old send the wrong message.