Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Browser

Mozilla 'Plugin Check' keeps Firefox add-ons secure

Summary: Mozilla has expanded its Plugin Check service to provide an easy way for Firefox users to pinpoint browser add-ons that might be vulnerable to hacker attacks.

Ryan Naraine

By for Zero Day |

Mozilla has expanded its Plugin Check service to provide an easy way for Firefox users to pinpoint browser add-ons that might be vulnerable to hacker attacks.

The new service, available here, effectively scans the browser for all installed plug-ins and provides one-click options to apply patches if an outdated plugin is found.

[ SEE: Firefox to run checks for Adobe Flash patch ]

Here's what I saw when I visited the page on my Macbook:

A click on the "update" button and a restart of the browser patched my Silverlight Plug-In.

The Plugin Check service debuted in Firefox 3.5.3 with scans for vulnerable versions of the ubiquitous Flash Player plugin.

Separately, Mozilla has packaged a suite of security-centric plugins to help Firefox users stay safe while surfing on the Internet. The package, available here, includes NoScript, Better Privacy, AdBlock Plus and WOT (Web of Trust).

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion

  • Nice!

    There are other ways to check for these kind of updates (Securina PSI for example), but every little bit helps.
    Michael Kelly
    Reply Vote

  • RE: Mozilla 'Plugin Check' keeps Firefox add-ons secure

    Great service, can't argue with that.
    Loverock Davidson
    Reply Vote

    • You Can't? Others Can

      After all, it is just laughable that they throw up a security error when their own browser connects to this so-called security site!

      Mozilla has got to get their act together. It is just inexcusable for them to do this
      mejohnsn
      Reply Vote

      • Its protection

        Think of this as an added layer of protection because its warning you of the site first. Not only that but the site isn't listed in Mozilla's allow list which is why you get said error.
        Loverock Davidson
        Reply Vote

  • Humor - I clicked on the link and got

    This Connection is Untrusted
    You have asked Firefox to connect
    securely to www-trunk.stage.mozilla.com, but we can't confirm that your connection is secure.
    Normally, when you try to connect securely,
    sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
    What Should I Do?
    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

    Technical Details
    www-trunk.stage.mozilla.com uses an invalid security certificate.
    The certificate is not trusted because the issuer certificate is unknown.
    (Error code: sec_error_unknown_issuer)
    I Understand the Risks
    davebarnes
    Reply Vote

  • Throws me a big certificate error!

    Erm, the site you link to throws a big, red, full screen
    certificate error.

    Thanks - but no way.
    CobraA1
    Reply Vote

    • Right you Are!

      If Mozilla is serious about security, then they cannot afford to do stupid things like this. They have to use a real cert, from a trusted CA.

      Anything less is just real bush league. They should be ashamed of themselves for this screw-up.
      mejohnsn
      Reply Vote

  • It's not security, it's irony

    You discarded Firefox's warning, proceeded to establish an unconfirmable HTTPS connection to the 'Plugin Check' site to potentially download addon updates.

    It's not added security if it made you pause before you went to the site anyway. Because, in the absence of any subsequent information to vouch for this particular mozilla.com sub-domain, you made an unsafe decision.
    n.ang
    Reply Vote

  • Story links to under-development Plugin Check, not final release

    Just to be clear: The link to the Plugin Check in the story points to a public staging server with the project under development.

    The final launch of the page only happened today, and at this URL:

    https://www.mozilla.com/en-US/plugincheck/

    [b]That[/b] page should work without SSL cert issues, unlike the dev server
    lmorchard
    Reply Vote

  • RE: Mozilla 'Plugin Check' keeps Firefox add-ons secure

    (deleted)
    lmorchard
    Reply Vote

  • RE: Mozilla 'Plugin Check' keeps Firefox add-ons secure

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">seslisohbet</a> <a href="http://www.yuregininsesi.com">seslichat</a>
    birumut
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close