Mozilla extends security tool to IE, Safari, Chrome, and Opera

Not just limited to Firefox, tool allows users of rival browsers to check for outdated, vulnerable add-ons

Mozilla is preparing a tool to give users of rival browsers, including Internet Explorer (IE), Chrome, Safari, and Opera, a way to find out whether important add-ons are up to date.

According to a schedule published last week, Mozilla plans to switch on cross-browser functionality of its Web-based tool today. The tool, an adjunct to a checking mechanism embedded in Firefox 3.6, allows Chrome 4, Opera 10.5, and Safari 4 users to check for outdated plug-ins, such as Adobe's Flash and Apple's QuickTime, that are frequently targeted by hackers.

[ Just in time before a hacking contest, Mozilla fixes a critical Firefox bug -- one month after its disclosure | Google patched 11 vulnerabilities in Chrome just days before the hacking contest, and Apple's browser, which expected to be the first to fall in the hacking contest, recently got 16 fixes. ]

Support for IE is limited to IE7 and IE8, and to checking a smaller number of plug-ins than the other browsers.

As of mid-day Tuesday, Mozilla had enabled the plug-in checking for other browsers on a preliminary version of the tool, but had not turned it on in the real deal.

Outdated plug-ins are tagged with an "Update" label to mark them as potentially vulnerable, while others are marked as "Up to Date," or if their status is unknown, with "Research." Other tags, including "Maybe Outdated" and "Maybe Vulnerable," are to be introduced in the final tool.

Last year, Mozilla kicked off the checker by verifying only Adobe Flash, citing that add-on's dual popularity and propensity for being exploited by attackers. Later, Mozilla added other Firefox plug-ins to the list, and integrated the tool into Firefox 3.6, the version that debuted last January.

The idea behind the checker is to show users which plug-ins may be vulnerable to attack because they have not been patched. The tool works by pinging Mozilla's servers, which compare the plug-in versions found on the machine with the newest edition numbers. Links for those marked "Update" lead to the appropriate vendor's plug-in download page, where users can acquire the current version.

Firefox 3.6 sports features, including a warning when users surf to a page that tries to load an outdated plug-in, which aren't offered to other browsers via the Web tool. Mozilla has also said it will integrate a plug-in update service, similar to what it offers for the browser's extensions, into Firefox at some point. At the moment, the newest edition, Firefox 3.6.2, still leads users to the plug-in checking page when the "Find Update" button is clicked in the "Plugins" section of the "Add-ons" tool.

The plug-in page can be found on Mozilla's Web site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@ix.netcom.com.

Read more about internet applications in Computerworld's Internet Applications Knowledge Center.

This story, "Mozilla extends security tool to IE, Safari, Chrome, and Opera" was originally published by Computerworld .

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies