Network News

X My Profile
View More Activity

Future Firefox to Nag Users on Insecure Plug-ins

Mozilla says that the next version of Firefox will warn users if they are running insecure, outdated versions of the Adobe Flash Player, as part of a nascent effort to work with vendors of the most popular browser plug-ins to ensure users aren't falling behind on important security updates.

Beginning with Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their Flash plugin is out-of-date. Mozilla said it is starting with Flash because if its ubiquity, but also in response to recent studies showing as much as 80 percent of users are running old versions of Flash.

"Mozilla will work with other plugin vendors to provide similar checks for their products in the future," the company said on its Security Blog. "Keeping your software up to date remains one of the best things you can do to keep yourself safe online, and Mozilla will continue to look for ways to make that process as easy as possible for its users."

The notification may look something like this:

flashplugff.JPG

It is good to see Mozilla delivering on an idea that was first floated as a possible future feature more than three years ago.

The announcement couldn't be more timely: According to SophosLabs, scammers and virus writers are now distributing malware that masquerades as a Flash Player plugin for the Firefox browser.

fakeffflash.JPG

Remember, always grab software updates directly from the software vendor whenever possible. Mozilla says its update feature will indeed direct users who need to update to download the latest version from Adobe's site.

By Brian Krebs  |  September 8, 2009; 8:17 PM ET
Categories:  New Patches , Safety Tips  | Tags: adobe flash, mozilla firefox  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Fixes Eight Security Flaws
Next: Cyber Thieves Steal $447,000 From Wrecking Firm

Comments

This is really good news. It's about time of course, and I don't mean that as a slam against the folks at Mozilla. Adobe should have dealt with this problem on its own long ago so that all browsers could be easily kept up to date. If it wasn't for Brian's periodic alerts about new Flash releases (and links to the Flash version checker), I might never have known to update that app. Thanks Brian!

Posted by: urkelism | September 9, 2009 8:58 AM | Report abuse

Compare with IE, I prefer Firefox.

Suggest a useful tool for you.Secure your PC and Internet.

Posted by: juanchr | September 9, 2009 9:19 AM | Report abuse

Minor typo:
"Mozilla said it is starting with Flash because if its ubiquity.."

if should be of

Posted by: Eremita1 | September 9, 2009 4:24 PM | Report abuse

Great move...

...unless the updates involve the horrible Adobe Download Manager that regularly fails with Firefox.

-Brian (AKA The Dean)

Posted by: BrianAKATheDean | September 9, 2009 6:14 PM | Report abuse

How long before we have social-engineering attacks that pop up pages looking identical to Mozilla's upgrade warning?

Posted by: jamshark70 | September 10, 2009 8:17 AM | Report abuse

The new Firefox versions, 3.5.3 and 3.0.14, have been released. They're available via the "Help / Check for Updates" menu item, or from these pages (all languages and platforms):

http:///www.mozilla.com/en-US/firefox/all.html (For 3.5.3)

http:///www.mozilla.com/en-US/firefox/all-older.html (For 3.0.14)

Posted by: richg74 | September 10, 2009 8:37 AM | Report abuse

Having now installed the new version (3.5.3) and also re-checked the Mozilla security blog, I'd like to offer one clarification: this check of the Flash player is done as part of the process of installing a new version of Firefox. It does not appear that it is done on an ongoing basis. (Making that work would probably be hard for Mozilla to do unilaterally.)

So we all still need to keep reading "Security Fix". ;-)

Posted by: richg74 | September 10, 2009 11:40 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company