Closed Bug 1097853 Opened 6 years ago Closed 3 years ago

VLC plugin is 2.1.3, while the player is 2.1.5 one marked at vulnerable

Categories

(Plugin Check :: UI, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: guigs, Unassigned)

References

Details

Problem description: [Basically, the VLC plugin is 2.1.3, while the player is 2.1.5. The Mozilla Plugin Check is assuming that the player version should be the same as the plugin, and is unintentionally triggering the "needs update" flag, even though, according to VLC, the plugin is in its current version. ]
-https://support.mozilla.org/en-US/questions/1026753
I can confirm that issue has been reported in
bug 1089012 "PlugIn Check for VideoLan correctly reports current version
for the NPAPI browser plugin version 2.1.3,
but database incorrectly reports it as outdated".

I agree that this is confusing for Users.

The fact that VLC use a different 'File Version' in the metadata in their plugin
vs the rest of the software, has been a contributory factor in the
Plugincheck Database having "2.1.5" recorded in the Plugincheck Database
(see bug 1080606).

rmcguigan, do you think your report is a Duplicate of bug 1089012?

DJ-Leith
This is clearly a VLC issue, and I've updated #1089012 and created a ticket on their own ticketing system at https://trac.videolan.org/vlc/ticket/13228
Came here because of my Firefox 34.0.5 showing "VLC media player Web Plugin 2.1.3" as out-of-date/vulnerable (veraltet/angreifbar).
VLC media player 2.1.5 is installed.

As to Comment 2, "clearly" sounds a bit biased ... That vlc ticket: Status changed from new to closed, Dec 16, 2014. They blame it more on the side of firefox than on their side (as much as I understand).

Whatnot righty-right, I'm just a regular (mostly happy) firefox user and this bug report answers
(although a little awkward) my question that VLC Plugin 2.1.3 is the expected plugin to be. Thanks.
I am sorry, but this is realy nonsense.

The VLC software consists of (at least) two parts.

Player and Plugin.

They are packaged together, but the versions can and do differ.

Mozilla is now thinking that

1) Any software for that a newer version exists, is automaticlly a) vulnerable and b) obsolete

2) That the Plugin should be at the Version of the Player

Both assumptions are ... not very intelligent.


There are two way to fix this:

1) Either package Player and Plugin separately and give separate versions numbers (TODO for VLC)
2) Check for the right version, the Plugin not the Player (TODO for Mozilla)

For me, 2) is the way to go.
Why?

Because a software may contain *numerous* parts in different versions, all of them versioned with a continuing version number - but not all parts will ever change!
That means, there are always parts of a software that do not change and will not change for a long time.
It is not possible to split everything into separate packages.

If *any* other software uses the package or part of it, it should check for the right version and not make assumption about what version is correct of each part.
I believe this is a duplicate of Bug 1089012.  There, there is a broader description and some background research on the issues presented
I have been having problems with this plugin check for VLC for a LOOOOONG time. Something needs to be fixed because I'm tired of updating VLC and then having Mozilla's plugin check tell me that the VLC web plugin is vulnerable.  I'm using VLC web plugin 2.1.3.0 and the date of the .DLL is 7-22-2014. I am using VLC version 2.1.5.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.