Our users often get hacked via vulnerable third party plug-ins.

Add scripts on common landing pages to check for vulnerable plug-ins and assist the user in updating them.

Components

• Script and alert on landing pages
• Page that checks all the common plug-ins and assists in the update

First Run

Add an alert that checks the first time a user opens Firefox:

Message: We detected that some of your media plug-ins are vulnerable, click here for more info.

This is non-evasive, as we do not want to have the user have trouble getting started with Firefox.

stick mock-up and plans for how it will look here

This will lead the user to the plug-in check page.

Updated

Add similar alert to the "you've been updated" page which leads to the plug-in check page.

This page will do a check on common plug-ins and see if they are vulnerable or not.

The plug-ins:

• Java
• Flash
• Windows media player
• Quicktime

• bug + possible javascript
• Possible Flash API for determining an update
• Javascript library providing some plug-in detection functionality