Plugin Security Risks and Mozilla Plugin Check
No matter what operating system we will use, there is a security risk if you are using third-party applications, add-ons or plug-ins. The risk: Exploits targeting vulnerabilities in any application or operating system. Plug-ins for browser, e-mail programs and other applications is often known to have vulnerabilities. Some vulnerability, if targeted can cause malware infection, personal or financial information loss and many others. There is a need to patch or update the software we’ve installed or allowed installation (some were installed without our consent so look at the list of unwanted add-on here so the next time you will install a software, you will know what awaits you when hit that ‘next’, ‘yes’ or ‘install’ button) including those little plug-ins!
Most security researchers and software developers like Secunia (see Secunia World Map on Insecure Applications to date), SecurityFocus, Microsoft, Apple and Mozilla is aware of the above risk. To help end-users in protecting their computers against vulnerabilities or exploits (note that not all antivirus can prevent or detect exploits), Mozilla launched online Plugin Check website.
The Mozilla Plugin Check website was officially launched last month so your old, vulnerable and buggy plug-ins is detected as “safe (up-to-date)" or “vulnerable (outdated)".
Different end-users have different installed plug-ins. Some might have few or while others has more. Example is the screenshots below where figure A shows plugins for Adobe Acrobat, Java, Mozilla, Shockwave Flash, Windows Presentation Foundation and Yahoo Application State. Figure B have Silverlight plugin.
When you visit the Plugin Check website, it will display the version and vulnerability status of the plugins. If you find “Unable to Detect Plugin Version" in the status in the plugin check website, it could mean that:
- The Mozilla Plugin Check website need to refresh their detection.
- You have to re-initialize the installed plug-ins by deleting pluginreg.dat file in your Firefox profile folder.
The developer or vendor of the plug-in has not participated! Mozilla is asking their help by entering the version of their plugin into the name or description so Mozilla’s plugin detection website will be accurate.
To prevent infection or any security risks posed by or targeting the known and unknown vulnerabilities, bookmark Mozilla Plugin Check now and visit it regularly. Other service or applications that will help you in keeping your software up-to-date: Secunia Personal Software Inspector or the Online Software Inspector (OSI), CNET TechTracker, Filehippo.com Update Checker, Shavlik Patch Google Gadget, Microsoft Baseline Security Analyzer and Belarc Advisor.
Note that Mozilla is planning to integrate the neat Plugin check with the upcoming Firefox browser v3.6 and by adding support of their plugin check website for other browsers. Help reduce the 10 million insecure plugins by visiting Mozilla Plugin Check today!