Closed Bug 840557 Opened 13 years ago Closed 8 years ago

Version of Adobe PDF in listed in Plug-ins out of date, doesn't match https://www.mozilla.org/en-US/plugincheck/

Categories

(Core Graveyard :: Plug-ins, defect, P3)

Product:
Core Graveyard
Component:
Plug-ins
Version:
18 Branch
Platform:
x86
Windows XP
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: cadmiumgrundy, Unassigned)

Details

Attachments

(3 files)

Shows discrepancy between Plug-ins manager and Plugin Check page.
362.52 KB, image/png
Details
Screen shot of about:plugins
130.45 KB, image/png
Details
pluginreg.dat
17.12 KB, text/plain
Details
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0 Build ID: 20130201065344 Steps to reproduce: Checked inventory of Plug-ins in Add-ons manager. Actual results: Plugins list in Add-ons manager shows that Adobe Acrobat plugin "Adobe PDF" is version 8.x and is vulnerable. Expected results: Plug-in Checker at https://www.mozilla.org/en-US/plugincheck/ confirms that the Adobe Acrobat plug-in is version 11.x and is up-to-date.
1) Go to about:config and set plugin.expose_full_path true 2) Provide screenshot with problem from Add-ons manager and data from about:plugins for Adobe Acrobat plugin
Flags: needinfo?(cadmiumgrundy)
I installed Adobe Acrobat Reader version 8.1.2 which installed Adobe Acrobat 8.1.0.137 plugin on Firefox 18.0.2 for Windows XP. Plug-in Checker confirmed that Adobe Acrobat is outdated and need an Update. After update both about:addons and Plug-in Checker show the 11.0.1.36 version is up to date.
Component: Untriaged → Plug-ins
Product: Firefox → Core
Flags: needinfo?(cadmiumgrundy)
I did: 1) Go to about:config and set plugin.expose_full_path true 2) Provide screenshot with problem from Add-ons manager and data from about:plugins for Adobe Acrobat plugin Including one additional attachment.
Wouldn't be possible tot have both Adobe Acrobat 8 Professional and Adobe Reader 11 installed on your system?
Does the issue persist when restarting Firefox?
Flags: needinfo?(cadmiumgrundy)
Whiteboard: probable dupe of 554780
Yes, I have Adobe Acrobat 8 Professional (8.3.1) and Adobe Reader 11.0.01 installed. Yes, persists after restart.
Flags: needinfo?(cadmiumgrundy)
Ah, then it's not bug 554780. Mossop, is this currently a limitation of the PluginProvider with the tags being collapsed into groups?
Whiteboard: probable dupe of 554780
Not sure, the screenshots don't show enough of the plugin list to tell what is going on. Can you attach pluginreg.dat from your profile folder please. http://support.mozilla.com/en-US/kb/Profiles
Attached file pluginreg.dat
(In reply to Nat from comment #11) > Created attachment 716130 [details] > pluginreg.dat Based on that file what you should see in the add-ons manager is two entries for "Adobe Acrobat". One with the description "Adobe PDF Plug-In For Firefox and Netscape 8.3.1" and version 8.3.1.289 and one with the description "Adobe PDF Plug-In For Firefox and Netscape 11.0.01" and version 11.0.1.36. Only one of those should be marked as vulnerable. Do you see something else? Could you make sure you're looking in the Firefox add-ons manager (enter about:addons into the address bar) rather than whatever extension is giving you the plugins list in a sidebar.
Mossop, the attached pluginreg.dat comes from folder C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\erojvnp9.default. The target for the shortcut to pluginreg.dat in C:\Documents and Settings\[username]\Recent is C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\erojvnp9.default\pluginreg.dat, so I figured that's the copy of pluginreg.dat that one you want. Right? Thx
Dave/Mossop, That's exactly what I see in the addons manager in the sidebar, once I click on "more," and it's what I see in about:addons.
Ok so this is behaving as intended since you have two versions of acrobat installed (three actually but two are the same version so we coalesce them). Are you asking that we hide older versions from the UI?
Hmmm. I'm not sure if I should ask for that. I was confused by what I thought was a discrepancy between the info shown on https://www.mozilla.org/en-US/plugincheck/, and what was shown in the Addons sidebar. Here is where I apologize for not noticing that on https://www.mozilla.org/en-US/plugincheck/ it references Adobe Acrobat 11.0.1, not 8.3.1. The info in the Addons manager for 11.0.1 matches what's on https://www.mozilla.org/en-US/plugincheck/. What's really going on is that the Addon's manager displays info for Adobe 8.3.1 (because I have Adobe Acrobat 8 Professional installed), whereas https://www.mozilla.org/en-US/plugincheck/ doesn't display any info for 8.3.1. So it's just that the Addons manager has more info than the plugin check page. If you were to hide older versions from the UI, wouldn't that mask a vulnerability from the user? I don't actually have a vulnerability with respect to Adobe Reader -- that much I grasp. The thing is/my question is, do I have a vulnerability by virtue of having AA8Pro 8.3.1 installed? If not, then isn't the Addons Manager (a) confused/wrong to think I'm vulnerable and (b) confusing the user? I'm just trying to think it through here, so please bear with me if I seem a little slow. Thoughts?
I think it depends which plugin we'd use when a pdf were encountered in the page. I'm not sure what Firefox uses when it has more than one plugin for a type installed, if it always uses the newer version then the older version could probably be safely hidden. Georg, do you know the answer to that?
BTW, when I click on "Update Now" in the Addons Manager, the page it takes me to is a Mozilla page notifying my that Adobe Reader 9.5.1 and lower are blocked. https://addons.mozilla.org/en-US/firefox/blocked/p156 (Curious as to why it doesn't take the user to Adobe Reader 11.x.) That page recommends that the user go to the plugin check page and when I do that, of course, FF detects that I have Adobe Reader 11.0.1 installed and that all is well. So it's a fire drill based on a "false" (?) alarm.
(In reply to Nat from comment #18) > BTW, when I click on "Update Now" in the Addons Manager, the page it takes > me to is a Mozilla page notifying my that Adobe Reader 9.5.1 and lower are > blocked. https://addons.mozilla.org/en-US/firefox/blocked/p156 That's bug 798176
(In reply to Nat from comment #13) Note that you can easily get to your profile folder via: Help -> Troubleshooting Information -> Profile Folder [Show] (In reply to Dave Townsend (:Mossop) from comment #17) > I think it depends which plugin we'd use when a pdf were encountered in the > page. I'm not sure what Firefox uses when it has more than one plugin for a > type installed, if it always uses the newer version then the older version > could probably be safely hidden. Georg, do you know the answer to that? Currently whatever plugin is "most recently modified" and handles PDF (although that's just the PluginHost view and i'm not sure if you can override which plugin handles it via Options->Applications). If i read the above comments right it sounds like it's all behaving as intended? At least i think that when you look in the addons manager it should point out vulnerable plugins even if they might *currently* not be used.
Guys, thanks very much for your time and effort. I agree, now, that it's probably behaving as intended. I also agree that it's better for the Addons managaer to report to the user that there's a vulnerable plugin even if it's not currently the one accessed/deployed to deal with whatever content that plugin is for. However, it would be good , I think, to answer the question, which plugin IS being deployed for that ocntent when there's an up to date (safe) one and an older (vulnerable) one both installed. Thanks again, not just for your attention to this (non?)bug, but also for the other helpful tips. Rock on.
Ok, closing based on that. I think Options->Applications covers the question which plugin handles which mimetypes - if it doesn't cover everything, that would probably be worth an enhancement bug.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
I don't think there's any point in warning somebody about a plugin that the browser couldn't actually ever use. The new version of Acrobat is a superset of the MIME types from the old version, so really I don't think we ought to be listing the old version in the addon manager at all.
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INVALID → ---
Right, i was somehow thinking there was a separate Acrobat Pro installed - but the plugin registry only shows slight mimetype differences, version differences and description differences due to the version suffix. Maybe the PluginProvider could coalesce independent of the version here (given the mime type constraint)?
Priority: -- → P3
(In reply to Georg Fritzsche [:gfritzsche] from comment #24) > Right, i was somehow thinking there was a separate Acrobat Pro installed - > but the plugin registry only shows slight mimetype differences, version > differences and description differences due to the version suffix. > > Maybe the PluginProvider could coalesce independent of the version here > (given the mime type constraint)? Coalescing is already kind of fragile, might be easier to just hide unusable plugins entirely. I'd like to be sure how Firefox decides what plugin to use for a given mimetype. Is it the settings in options - applications (and if so where are they actually held) or is it the most recent plugin (based on file modification time?) that supports that mimetype.
(In reply to Georg Fritzsche [:gfritzsche] from comment #24) > Right, i was somehow thinking there was a separate Acrobat Pro installed - > but the plugin registry only shows slight mimetype differences, version > differences and description differences due to the version suffix. > > Maybe the PluginProvider could coalesce independent of the version here > (given the mime type constraint)? Just a reminder that I do have Adobe Acrobat 8 Pro installed on my machine. Not sure, however, that that's what you mean by "installed," Georg. Apologies if I've just slipped off-topic.
(In reply to Dave Townsend (:Mossop) from comment #25) > Coalescing is already kind of fragile, might be easier to just hide unusable > plugins entirely. I'd like to be sure how Firefox decides what plugin to use > for a given mimetype. Is it the settings in options - applications (and if > so where are they actually held) or is it the most recent plugin (based on > file modification time?) that supports that mimetype. I checked and Options->Applications doesn't affect embedded PDFs (only directly linked etc.). So we: * collect all plugins that support that mimetype * pick the plugin with the highest version number * in case of multiple plugins with the same version, the most-recently-modified wins If you plan to base coalescing on this, we should maybe expose a function for this in nsIPluginHost though (FindPreferredPlugin) so that we don't need to maintain & update two implementations? (In reply to Nat from comment #26) > Just a reminder that I do have Adobe Acrobat 8 Pro installed on my machine. > Not sure, however, that that's what you mean by "installed," Georg. Right, but the (outdated) plugin it installed isn't looking any different (naming, description) from the other (up-to-date) plugins.
I'm marking this bug as WONTFIX per bug #1269807. For more information see - https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
Status: REOPENED → RESOLVED
Closed: 13 years ago8 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: