Firefox is supporting to old versions of plug-ins

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
4 years ago
4 years ago

People

(Reporter: devand27, Unassigned)

Tracking

35 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
Created attachment 8503032 [details]
Untitled 2.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Steps to reproduce:


1. Firefox blocks old versions of plug-in, when it finds in the computer.
2. But It still allows to run the old version plug-in by using the User Interface which is a security vulnerability.


Actual results:


Firefox is allowing to run the old versions of plug-ins by using the User Interface which is a security vulnerability. Since the Impact of plug-in security vulnerability is very high, Firefox should not support old versions of plug-ins permanently. 

Thanks
Chandra Mohan


Expected results:

Firefox should not support old versions of plug-ins permanently.
(Reporter)

Comment 1

4 years ago
Hi

Firefox should run the plug-ins only if it is up-to-date. This would be the complete fix for the vulnerabilities in plug-ins.

Thanks

Updated

4 years ago
Component: Untriaged → Plug-ins
Product: Firefox → Core

Comment 2

4 years ago
Marking the plugin as click-to-play is the tradeoff we put in place to try and nag users into upgrading while recognizing that in some cases it may not be possible. We do not plan on changing this behavior.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.