PFS2

From MozillaWiki
Revision as of 16:32, 2 September 2009 by Aking (talk | contribs) (Adding a General Algorithm)

Server

Codebase

http://svn.mozilla.org/projects/pfs2/trunk/

Schema

Environments

Dev - local

Request

Current PFS parameters

mimetype=application/x-java-applet
appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}
appVersion=1.5.0.4
clientOS=Win
chromeLocale=en-US

Current VersionCheck parameters:

reqVersion=1
id={49f3fc85-dcfe-4e42-9301-226ebe658509}
version=0.6.1
maxAppVersion=2.0.0.*
status=userEnabled,incompatible
appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}
appVersion=3.0b3pre
appOS=Darwin
appABI=x86-gcc3
locale=en-US

PFS 2 Example call - GET to:

 http://pfs2.mozilla.org/?appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&mimetype=application/x-shockwave-flash&appVersion=2008052906&appRelease=3.0&clientOS=Windows%20NT%205.1&chromeLocale=en-US&callback=later
  • callback - optional, makes the output JSONP instead of JSON

Response

Is the following data a sample of the JSON output of PFS2?

[ {
  "name" : "Plugin",
  "version" : "1.0",
  "filename" : "plugin.dll",
  "vendor" : "Mozilla",
  "url" : "http://mozilla.com/",
  "icon_url" : "http://mozilla.com/favicon.ico",
  "latest_version" : "1.0",
  "installer_location" : "http://mozilla.com/installer.exe",
  "installer_hash" : "sha256:592eca7e6f2731c65e344c4514bd7efa0a7ec8a203d97b4f5aadb14c44379178",
  "installer_shows_ui" : "false",
  "license_url" : "http://mozilla.com/license.html",
  "needs_restart" : "true",
  "description" : "This is a Mozilla plugin that does things.",
  "platforms" : [
    { "name" : "Mac OSX" },
    { "name" : "Windows NT 6.0" } 
  ], 
  "xpcomabi" : "x86",
  "mime_types" : [ { 
    "mime" : "text/plain",
    "description" : "HTML",
    "suffixes" : ".html, .xhtml, .htm"
  } ]
} ]

Client

Codebases

Perfidies is the PFS2 client. It will be usable for the plugin page, web badges, etc.

PFS2 inputs

  • App ID is hardcoded in the JS. We'll update this script when a new appId is available. Firefox always uses the same app id and it won't change any time soon.
  • appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}
  • mimetype - navigator.plugins[x].type roughly
  • appVersion = navigator.buildid roughly
  • appRelease = navigator.appVersion roughly
  • clientOS = navigator.oscpu roughly
  • chromeLocale = navigator.language

Environments

General Algorithm

  1. Take all the plugins in the browser
  2. For each plugin
    1. Take all the mime-types in the plugin
    2. For each mime-type
      1. Find the plugin from the service by mime-type and other parameters
        1. Take all the plugin infos in the response
        2. For each info
          1. Try to match the `name` in the response to the plugin's name
            1. if there is a match, use the info from this mime-type. Check version and vulnerability
            2. else if there is no match, continue with the next mime-type
            3. if all mime-types are exhausted and no plugin name is matched, then this plugin is 'unknown', continue with next plugin

Matching info name to plugin name

This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against

  1. plugin.name

A match occurs if the name appears anywhere within these fields. Example good match:

 info { name: "Flash" }
 plugins: [{name: "Adobe Flash 10.0.0.31"}]

Question: Do we want to have the results return a list of known names? Or how can we make this more betterish?

Quantity of calls per plugin

Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches.

Current, Out Dated, Vulnerable, or Unknown

These are the states of a plugin.

We need to spec out the vulnerability mechanism

Current vs Out of date compares version components from left to right. Example: 5.10.3 compared to 5.11

  1. explode version on '.'
  2. compare 5 to 5
  3. compare 10 to 11, 5.11 is higher
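
The general algorithm, the name match and the left-to-right version comparison described above, combined in one added example (not Perfidies code). `compareVersions`, `classifyPlugin`, `sampleLookup` and the sample data are hypothetical; the lookup stands in for the PFS2 GET request, and the installed version is assumed to be the dotted number in the plugin name. The Vulnerable state is omitted because its mechanism is not yet specified.

```javascript
// Added example: names and sample data are hypothetical, not Perfidies code.

// One version component: digits only; a missing component counts as 0 (assumption).
const component = (s) => (s === undefined ? 0 : /^\d+$/.test(s) ? parseInt(s, 10) : NaN);

// Compare dotted versions left to right, numerically, so 5.9 < 5.10 < 5.11.
// Returns -1, 0 or 1, or NaN when a component is not a plain number.
function compareVersions(a, b) {
  const pa = a.split('.'), pb = b.split('.');
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = component(pa[i]), y = component(pb[i]);
    if (Number.isNaN(x) || Number.isNaN(y)) return NaN;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// plugin: { name, mimeTypes: [...] }; lookup(mime) stands in for the PFS2 GET
// and returns the parsed response array for that mime type.
function classifyPlugin(plugin, lookup) {
  for (const mime of plugin.mimeTypes) {
    for (const info of lookup(mime)) {
      // An empty name is a substring of every plugin name, so skip it.
      if (!info.name || !plugin.name.includes(info.name)) continue;
      // Assumption: the installed version is the dotted number in plugin.name.
      const installed = plugin.name.match(/\d+(?:\.\d+)+/);
      const cmp = installed ? compareVersions(installed[0], info.latest_version) : NaN;
      if (Number.isNaN(cmp)) return 'unknown'; // matched, but versions not comparable
      return cmp < 0 ? 'outdated' : 'current';
    }
  }
  return 'unknown'; // all mime types exhausted without a name match
}

// Constructed sample responses keyed by mime type.
const SAMPLE_RESPONSES = {
  'application/x-shockwave-flash': [{ name: 'Flash', latest_version: '10.1.0.0' }],
  'text/plain': [{ name: '', latest_version: '9.9' }],
};
const sampleLookup = (mime) => SAMPLE_RESPONSES[mime] || [];

console.log(classifyPlugin(
  { name: 'Adobe Flash 10.0.0.31', mimeTypes: ['application/x-shockwave-flash'] },
  sampleLookup)); // outdated
```

Comparing components as numbers matters: a plain string comparison would rank 5.9 above 5.10.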

Unknown

The client library will record unknown plugins by requesting a well-known 1-pixel image and encoding the plugin info into the request. These details can be harvested from web logs in bulk, in a low-tech way, at our leisure, to discover popular plugins not in the DB.

Related Information