Firefox adds Flash plug-in update protection
Mozilla kicks off scheme Tuesday; Firefox 3.6 will check for old Apple, Microsoft plug-ins, too
Computerworld - Mozilla's next update for Firefox, slated to ship Wednesday, will check for outdated versions of Flash Player, a frequent target of hackers, the company said on Friday.
The move is the open-source browser maker's opening salvo against out-of-date, open-to-attack plug-ins from vendors like Apple, Adobe, Microsoft and Sun.
One security expert applauded the news. "This is a great way of improving the security of Web browsers," said Wolfgang Kandek, chief technology officer at security firm Qualys, in a blog entry Saturday. "Flash is often used by attackers to exploit client machines and unfortunately notoriously difficult to update, requiring, on Windows, different update packages for Internet Explorer and all other browsers."
Firefox 3.5.3 and Firefox 3.0.14, security updates for the newest Firefox 3.5 and 2008's Firefox 3.0, respectively, are set to release Sept. 9. After installing either of those two updates, Firefox users will see a message if their computer has an out-of-date version of Flash Player. "You should update Adobe Flash right now," the message will read. "Firefox is up to date, but your current version of Flash can cause security and stability issues. Please install the free update as soon as possible."
The message will also include a link to the download site for the latest Flash Player plug-in.
"For now, our focus is on the Adobe Flash Player both because of its popularity and because some studies have shown that as many as 80% of users currently have an out-of-date version," said Johnathan Nightingale of the Firefox security team, in an entry to the group's blog.
Nightingale was referring to a mid-August report by New York City-based security company Trusteer, which said that two weeks after Adobe patched Flash, almost 80% of the 2.5 million PCs scanned by Trusteer's security service had not yet been updated.
Some of the users most immediately affected by Firefox's new plug-in check will be those running Apple's new Snow Leopard operating system. Apple shipped a months'-old copy of Flash with Snow Leopard, and even "downgraded" current versions during the upgrade to a vulnerable edition of Flash.
Browser wars
- Microsoft wraps up ads aimed at Google with IE9 pitch
- German gov't endorses Chrome as most secure browser
- Google's punishment of Chrome drops browser's share, says metrics firm
- Firefox 10 relieves add-on updating pain
- Mozilla OKs Firefox 10 launch this week
- Google patches several serious Chrome bugs
- Mozilla slows pace of Firefox 9 upgrades
- Google patches Chrome, beefs up malicious file blocking tech
- Mozilla to launch enterprise Firefox this month with 7X slower pace
- Mozilla persuades Firefox 3.6 users to dump old browser



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
- Identity Governance: The Business Imperatives
- This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts