Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Mozilla Plugin *always* detected

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
VideoLAN
And, this specific program:
VLC media player 1.x

This thread has been marked as locked.
heyidiot Mozilla Plugin *always* detected
Member 8th Feb, 2011 21:35
Ranking: 1
Posts: 3
User Since: 19th Dec, 2009
System Score: N/A
Location: N/A
Even though I have not installed the VLC Player Mozilla plug-in, PSI still warns about it in Secure Browsing section. Why?

By default, when installing VLC Media Player, the Mozilla plug-in is deselected. I've never selected it, so it's never been installed. It is not just disabled, it is not listed (in Tools, Addons, Plugins) at all.

I think PSI is seeing VLC Player installed, and Mozilla installed, and then just assuming the plug-in is also there.

mogs RE: Mozilla Plugin *always* detected
Expert Contributor 8th Feb, 2011 22:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 8th Feb, 2011 22:02
I think Anthony Wells has already given explanation here :-
http://secunia.com/community/forum/thread/show/744...

Extract :-

Due to the way the PSI detection rules reads the VLC programme , it will show all browsers as being "insecure/no solution" in the "secure browsing" module of the PSI ; this is a known bug and has been discussed at length in several threads . This status will not change until/unless the Mozilla plug-in insecurity is fixed in the Player or the Player's method of incorporating the plug-in(s) changes .

Hope that is clear .


--
Was this reply relevant?
+1
-0
heyidiot RE: Mozilla Plugin *always* detected
Member 8th Feb, 2011 22:45
Score: 1
Posts: 3
User Since: 19th Dec 2009
System Score: N/A
Location: N/A
Slightly helpful. But no, not very clear. The implication is that users are still at risk, even after slogging through the explanation.

It certainly won't be clear to many users who look at the"Unpatched, no vendor solution" advice given by PSI.

Why, if it is a non-issue to users who install VLC Player with the default settings, is it not mentioned in the security advisory about the issue? Actually, I take that back... it IS mentioned a number of times in fact, but every mention of it is "minimized due to negative relevancy", except for the one that I just posted.

But, give them time I guess...

Thank you!
Was this reply relevant?
+3
-0
puget1 RE: Mozilla Plugin *always* detected
Member 8th Feb, 2011 22:56
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 8th Feb, 2011 22:57
@heyidiot

F.Y.I "anything" that streams is and always will be insecure. It is a hackers favorite trick to attach malicious code to anything that streams to get a crack at your p.c. This is why Secunia, a security company with millions of dollars in servers to protect finally broke away from flash for its graph. A wise example for a security company to do.

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom












Was this reply relevant?
+0
-0
mogs RE: Mozilla Plugin *always* detected
Expert Contributor 8th Feb, 2011 22:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The Vulnerabilities section of the forum can be a contentious area....it's not always as easy to understand as it is to explain !!! It is primarily used by officials to discuss matters specific and relative to the advisory....not for members with complaints.....many have been penalised. For that reason it is better avoided and a new thread started...as you have done here.


--
Was this reply relevant?
+0
-0
Anthony Wells RE: Mozilla Plugin *always* detected
Expert Contributor 9th Feb, 2011 17:21
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 9th Feb, 2011 17:38
Hello heyidiot ,

Let me be clearer :-

Secure browsing is for "advanced" users so they can see a potential risk when browsing despite having applied all necessary/available patches to their programmes .

Detailed perusal of the relevant SA 's , other Community Forum threads about the VLC bug and responses from Secunia officials (contained therein) would tell you/"advanced" users that the SA 41810 vulnerability applies currently to the VLC Mozilla plug-in ; no other browsers are affected . The display bug whererin all browsers are pinpointed in the "secure browser" module is known to Secunia and they are not able to amend their detection rules satisfactorily to change this situation .

The display problem is irrelevant to the technical use of the SA (available to all security searchers) , hence the minimisation by Secunia - including a supposedly "helpful" post from me ;((

Your thread here is relevant as it refers to a PSI detection/display and you now have all the info - or where to find it - to deal with the display bug .

If it is not clear now , you can either wait for someone from Secunia support to add their comments here or contact them direct at support@secunia.com.

Take care

Anthony

PS: If you don't know how to search/review the other VLC threads , click the pale blue "VLC media player 1.x" link at the top/upper right of this page .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability