It is becoming increasingly more important to keep plugins updated and remove obsolete applications. Not only are they a common cause of browser crash incidents, obsolete plugins can be exploited by hackers to download malware without your knowledge. Plugin Checker helps keeps your browser safe.
Ubiquitous applications like Adobe Flash that integrate with any browser and stand alone are particular dangerous when compromised because they have no boundaries. A 2008 report issued by Mark Dowd, a research engineer with IBM Internet Security Systems details one such vulnerability exploit. The details are technical, but essentially, it's possible for a hacker to circumvent the ActionScript code verification to execute malicious code, which usually takes the form of a trojan or browser hijacker. Adobe has since released a security patch to address some of these vulnerabilities.
In the words of Mozilla, Plugin Checker was developed to make the web safer and less crashy for everyone, not just Firefox users. Plugin Checker isn't compatible with all browsers yet, but it will be.
Today, Plugin Checker is an addon, but new versions of Firefox slated for release will integrate this function. Firefox already checks to make sure that officially sanctioned plugin add-ons that are installed through the Mozlla add-on page are kept up to date. If you're a Firefox user, you've already seen plugin update messages. Mozilla can't control how or when third-party developers update their software, but they can check for updates and outdated programs and keep you informed. To demonstrate just how effective this program is, ask any one of the 10 million Firefox users who updated Flash in one month, after they were alerted by Plugin Checker.
Plugin checker performs a number of operations to gather data and inform the user:
- Gathers program and client data through URL parameters
- Retrieves current metadata for each plugin
- Verifies that the plugin is the latest version
- Determines is the plugin puts the user at risk
- Notifies user of vulnerabilities and suggests a course of action (removal/update)
- Provides link to vendor site for current update
- Rechecks updated plugin.
Mozilla is working to improve the functionality of Plugin Checker by integrating a crash reporting dashboard to inform users of the most likely crash culprits. In addition, they are working on a self-service panel that allows vendors to update plugin information, an open directory of plugins, and an embeddable widget for Plugin Checker that can be used with other applications like WordPress.