Firefox to nag users about plug-in updates

Not keeping your browser plug-ins up to date can be dangerous. Security holes show up in Flash and Adobe Reader on a regular basis, and exploits sometimes allow for remote code execution. That’s presumably why Mozilla is going to start nagging Firefox users with notifications about out-of-date plug-ins. Here’s the spiel from Jorge Villalobos, Mozilla’s Add-ons Developer Relations Lead:

Firefox users who have outdated versions of the most popular plugins will soon see a notification urging them to update when they visit a web page that uses them. Old versions of Silverlight, Adobe Reader and Adobe Flash on Windows are covered by this.
While you are free to ignore the warnings and continue using your old plugins, we strongly recommend that you go to our Plugin Check page and update them as soon as possible. Old plugin versions can cause stability problems and are potentially insecure. Keeping them up to date will ensure that you have a great Firefox experience.

I find update reminders as annoying as the next guy, but this seems like a necessary evil. Too bad the browser can’t update plug-ins silently by itself.

Personally, I like the way Chrome handles things. Flash is built-in and updated silently with each new Chrome release, while PDF support is native and doesn’t require Adobe Reader. That doesn’t cover Silverlight, but the majority of exploits out there seem to affect Adobe plug-ins, anyway.

Comments closed
    • phileasfogg
    • 7 years ago

    On Windows Vista, all my Firefox plugins are up to date but… the Adobe Shockwave plugin will not upgrade to the latest version, even after I tried to do this 3 times. I’m giving up in sheer disgust. Adobe is a royal ‘pita’ – I wish they’d never developed this buggy software in the first place.

      • albundy
      • 7 years ago

      they didn’t develop it, just “improved” it. Shockwave was a Macromedia developed product.

    • DarkUltra
    • 7 years ago

    [quote<]I find update reminders as annoying as the next guy, but this seems like a necessary evil. Too bad the browser can't update plug-ins silently by itself.[/quote<] I think updating programs are fun and leave me with a nice and tidy feeling. It is also fun if they bring exciting new features, like Direct2D acceleration or optimizations. Or better looking UI, like recent Thunderbird versions. But my dad are annoyed by avast definition updates and fear they slow down his PC.

      • eofpi
      • 7 years ago

      Avast has a silent mode for people like him.

    • Meadows
    • 7 years ago

    [quote<]"I find update reminders as annoying as the next guy, but this seems like a necessary evil. Too bad the browser can't update plug-ins silently by itself."[/quote<] No, it's not too bad. It would set on fire all the geeks who follow the path of "I Decide What Gets Installed", and the church of IDWGI will murder you for the suggestion.

      • DarkUltra
      • 7 years ago

      Like Microsoft bundles Bing toolbar with DirectX web install? Theres so much sneaky stuff going on.

        • Meadows
        • 7 years ago

        I can, and do, opt out if I want to. (And I want to.)

      • eofpi
      • 7 years ago

      And all those geeks will either opt out or choose not to opt in. Problem solved.

    • The Egg
    • 7 years ago

    Firefox’s “Plugin” management is a complete abomination. Applications are allowed to silently install whatever plugins they want without any user prompt. Once installed, there’s no clear way to remove a plugin; they can only be disabled. Further, I’ve disabled plugins like “Google Update” multiple times, only to find they’ve been automatically re-enabled at some point without my knowledge.

      • BobbinThreadbare
      • 7 years ago

      It’s not really Mozilla’s fault that other applications can access it’s directories.

        • The Egg
        • 7 years ago

        Then they need to change the way plugins are implemented. Like 99.997% of users, I haven’t looked into how things work behind the user interface. An application shouldn’t be able to both install and enable an unknown/unauthorized plugin simply by copying something to a directory. Installing ANYTHING without user knowledge/prompting is an enormous security hazard.

    • Deanjo
    • 7 years ago

    When hasn’t FF ever nagged about outdated plugins. Every damn update it goes through a “checking for plugin compatibility” routine and tells you to update. It has done that for years.

    • Aveon
    • 7 years ago

    I better start calling it f**kfox from now on , since every time I update to a newer version my addons and plugins start f**king around with me !

      • rrr
      • 7 years ago

      Bring some lube then and it will get more pleasurable for you I guess.

    • I.S.T.
    • 7 years ago

    I have never found a good PDF plugin, no matter what PDF reader I use. So, I just open these things in ol’ Foxit Reader and dispense with the browser freezing and security hole enabled crap that is PDF browser plugins.

      • bthylafh
      • 7 years ago

      Foxit isn’t “good’ anymore, it’s bloated crap since it became popular. On resource-constrained systems I use Sumatra… though I wish its color scheme wasn’t so /bright/.

        • I.S.T.
        • 7 years ago

        Eh, it runs fine on my system, which is a pentium dual-core 2160 OCed to 3 GHZ and running 4 gigs of DDR2. It doesn’t need to be the fastest thing in the world, just better than lagging the entire browser and crashy as hell, which is what PDF browser plugins are.

        • odizzido
        • 7 years ago

        Yeah foxit went to hell. Another sumatra user here, great little program.

        • Chandalen
        • 7 years ago

        I shall give this sumatra a look. As a bonus it also does epub/mobi. My hope for PDF/Flash/Java to die swift painful deaths aside…

      • brucethemoose
      • 7 years ago

      Nitro PDF works well for me.

      • stdRaichu
      • 7 years ago

      Personally I don’t think there’s any such thing as a good PDF plugin, to the extent where it’s one of the first things that always gets disabled on a new computer. Opening up the PDF in a separate process has always been fine for me (TBH never understood what the point of a plugin was); for the record I use Sumatra. Great little (emphasis on little) program.

      P.S. if you want to get rid of the somewhat annoying yellow colour in Sumatra, you just need a shortcut option and a hex code. I use “-bg-color #ADADAD”.

      [url<]http://blog.kowalczyk.info/software/sumatrapdf/manual.html[/url<]

      • Derfer
      • 7 years ago

      I highly recommend going back to adobe. I was becoming more and more dissatisfied with foxit’s speed, bugs, and compatibility issues. So I took another look at adobe after the years and realized I shouldn’t be freaking over the bigger install size. It had none of those issues and on top of that it has much better security.

        • I.S.T.
        • 7 years ago

        I’ve honestly only had compatibility issues with a foxit version that was about three years old or older. I’ve had no speed issues with it either, something I can’t say with Adobe(Of course, new adobe versions might have fixed that).

    • colinstu12
    • 7 years ago

    Don’t need to worry about plugins ever being out of date in Chrome.

    It “just works”

    🙂

      • HisDivineOrder
      • 7 years ago

      Which is why Chrome is better.

      • Goty
      • 7 years ago

      It’s funny because there aren’t any!

      *cues downvotes*

      • cheesyking
      • 7 years ago

      isn’t it only flash and reader that are auto updated and the latter only if you don’t also install the standalone version of reader?

      Java still relies on its own update mechanism as does every other plugin that might get installed.

        • derFunkenstein
        • 7 years ago

        Yeah and if Java doesn’t get updated it nags you, just like it will in Firefox.

    • Arclight
    • 7 years ago

    Do Adobe plug-ins have so many security holes or are they discovered/exploited only because these plug-in are very popular?

      • Game_boy
      • 7 years ago

      Plugins that allow arbitrary executable code are naturally insecure.

      • shaurz
      • 7 years ago

      Both.

Pin It on Pinterest

Share This