Firefox/Projects/Plugin Update Referrals
Our goal is to get as many people who use Firefox to also update their plugins to improve the security of their systems. We want to do this in the Firefox 3.6 time frame. Suggested path is:
- Maintain a list of common plugins and versions.
- Offer a page on mozilla.com that checks plugin versions and offers links to updated versions of those plugins.
- Use the plugin blocklist capabilities in Firefox to push users to update.
- Automatic downloading and updating of plugins
The browser should use the existing blocklist functionality in order to figure out if someone has old plugins installed.
The user would be notified in the following ways:
- User visits a page with an outdated plugin. The plugin is allowed to load. A notification box is shown in that tab, informing user that the plugin is outdated. There's an "Update Plugins..." button, that takes the user to the page on mozilla.com. This page would list all outdated plugins the user has installed, not just the one that was just used.
- When the user manually checks for updates via Help -> Check for Updates, and there is no update, it then checks for outdated plugins. If there are any, provide a link to the mozilla.com page.
- On startup (not after an update), if outdated plugins are detected, open a tab to the outdated plugins page. This would only happen once for a plugin version.
- On the Plugins tab of the extension manager, there would be a "Check for updates" button. Clicking this would open a tab to the outdated plugins page. Additionally, the items for outdated plugins would indicate that they're outdated.
- When the blocklist service updates from a periodic check and detects an outdated plugin (that hasn't been warned of before), it shows an alert (via the alerts service) informing the users. Clicking on this alert would open a tab to the plugins page on mozilla.com.
See Plugins:PluginCheck for updates on the website and service side of this problem.
See Security:ThePluginProblem for some thoughts from Chris Hofmann on the topic.
- Still under design, see documentation
- Kev not in the loop yet. Need to work with at least:
- Apple (Quicktime)
- Adobe (Flash, Shockwave, Reader)
- Microsoft (Silverlight)
- Sun (Java)
- Landed on 1.9.2