PluginUpdating: Difference between revisions
Jump to navigation
Jump to search
| Line 37: | Line 37: | ||
* [http://www.adobe.com/devnet/flashplayer/articles/fp8_security-related_apis.pdf Possible Flash API for determining an update] | * [http://www.adobe.com/devnet/flashplayer/articles/fp8_security-related_apis.pdf Possible Flash API for determining an update] | ||
* [http://gemal.dk/browserspy/ Javascript library providing some plug-in detection functionality] | * [http://gemal.dk/browserspy/ Javascript library providing some plug-in detection functionality] | ||
* [http://www.adobe.com/shockwave/welcome/ Adobe's flash checker] | |||
Revision as of 17:42, 6 August 2007
Problem Statement
Our users often get hacked via vulnerable third party plug-ins.
Proposal
Add scripts on common landing pages to check for vulnerable plug-ins and assist the user in updating them.
Components
- Script and alert on landing pages
- Page that checks all the common plug-ins and assists in the update
Landing pages
First Run
Add an alert that checks the first time a user opens Firefox:
Message: We detected that some of your media plug-ins are vulnerable, click here for more info.
This is non-evasive, as we do not want to have the user have trouble getting started with Firefox.
stick mock-up and plans for how it will look here
This will lead the user to the plug-in check page.
Updated
Add similar alert to the "you've been updated" page which leads to the plug-in check page.
UpYourPlug page
This page will do a check on common plug-ins and see if they are vulnerable or not.
The plug-ins:
- Java
- Flash
- Windows media player
- Quicktime
- Real player