Closed Bug 1184047 Opened 9 years ago Closed 7 years ago

Plugin Check site should show helpful hint about vulnerable status

Categories

(Plugin Check Graveyard :: Client, defect)

Product:
Plugin Check Graveyard
Component:
Client
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: send2adtc, Unassigned)

Details

Attachments

(2 files)

plugincheck_vulnerable
15.26 KB, image/png
Details
plugincheck_updateNow
15.21 KB, image/png
Details
Attached image plugincheck_vulnerable 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Build ID: 20150630154324

Steps to reproduce:

There are quite a number of complaints about the Plugin Check reporting a plugin as vulnerable although it is already the latest version. The confusion arises from the urgency to update the vulnerable plugin, though there is no new version at the moment. Without proper guidance, users tend to misunderstand "being vulnerable" as "being out of date" while in reality, an up to date plugin can be vulnerable. A few helpful hints as shown in my mockups could clear up the confusion and guide the users on how to approach a vulnerable up to date plugin.

Steps to reproduce:

Install the latest version of a plugin that is currently reported as vulnerable (such as Java or Flash).
Open the Add-ons Manager and click on Plugins on left.
Click on the "Check to see if your plugins are up to date" link.
View the status report on the Plugin Status Check site.


Actual results:

Plugin Status Check site reports plugin as vulnerable and urges user to update it. User finds that plugin is already up to date. User find the information inconsistent and incoherent.


Expected results:

Plugin Status Check site reports plugin as vulnerable and urges user to update it, BUT hints that an update may not be available. User finds that plugin is already up to date, but understands that a new version fixing the vulnerability is still in the works. User may continue to use the plugin or disable it in the Plugin Manager. User may check for updates at a later date.

Additional info:

Glyphicon used: "glyphicon glyphicon-question-sign" (color: goldenrod)
Bootstrap tooltip used for mockups.
Text (Vulnerable): A vulnerability has been reported for this plugin. However, the plugin may already be up to date.
Text (Update Now): If the plugin is already up to date, consider disabling it until a new version is released.
Attached image plugincheck_updateNow 

    
  
Component: Untriaged → Client
Product: Firefox → Plugin Check
Version: 39 Branch → unspecified
Assignee: nobody → schalk.neethling.bugs
Assignee: schalk.neethling.bugs → nobody

    
    

    
  
Plugin check is no longer supported.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: