Coming out of my work and browser poking during the previous Firefox post, I discovered some annoying things under the Firefox hood that I had no idea existed until I found them, then decided they MUST BE FIXED™ at all costs (despite causing no apparently direct negative impact to the browser from my end-user perspective).
As we saw in the previous GSD post, one of the processes that occurs after a Firefox update is automatic checking of Add-on compatibility with the new browser version. I generally don’t have any issues, but for whatever reason I paid it a bit more attention during the 10.0.1 update and noticed that I had two Add-ons that were not updated or compatible; “Search Helper Extension” and “HP Smart Web Printing”.
Both were automatically disabled, and this time, after brief consideration, I decided I didn’t need them. However when I went to remove them, I didn’t seem to have the ability to do so.
Take two aspirin…
While I could “Disable” the Search Helper Extension, the “Uninstall” button was grayed out. That was an easy fix after reading this How-To Geek blog post: Remove the Search Helper Extension from Firefox. I also read the comments and found like a commenter, I had to delete the “firefoxextension” folder files in two locations on my Windows 7 x64 system after ensuring Firefox was not running:
- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension
- C:\ProgramData\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension
Once I dumped those out, it no longer appeared in my Add-on list.
The HP Smart Web Printing Add on required a similar approach once closing out of Firefox. Delete the following folder:
- C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3
These were easy fixes. The next issue was a major headache to track down.
Browser Plug In Updates, Updates, Updates!
First, in case you haven’t noticed, Adobe and Java both have been on a tear releasing security patch updates for their browser plugin software:
- Adobe Shockwave Player and RoboHelp for Word Patches - SANS ISC Diary
- Adobe Flash Player Update - SANS ISC Diary
- Java Update for February - SANS ISC Diary
- New Oracle Java and new Shockwave Player - IT Secure Site
There are lots of ways and means to updating your browser plug-ins. I typically just hop over to FileHippo and get the latest installers there to download and install on our systems. I just find it easier to grab them from here than mucking around on the Adobe/Java sites to get them. I guess it is a one-stop-shopping thing.
- Download Java Runtime Environment @ FileHippo.com - for both Java Runtime Environment 188.8.131.52 32-bit and 64-bit versions.
- Download Shockwave Player 184.108.40.2064 @ FileHippo.com
- Download Flash Player 220.127.116.11 (Non-IE) @ FileHippo.com
- Download Flash Player 18.104.22.168 (IE) @ FileHippo.com
Once downloaded, I just run and they get installed/updated and now my system (and Firefox browser) is now using the latest patched version. Simple. Right?
Well…not quite so fast there.
Plug In Update Migraine Time
Last night I read this post Flash Update — Check Your Plugins over at the Firefox Extension Guru's Blog. That shouldn’t have been a big deal as I had already updated all my plug-in versions.
Only the Guru reminded me (major senior moment) that Mozilla actually provides a link for you to confirm all your plug-ins are actually up to date. Two ways to get to the same place.
- In Firefox go to Tools > Add-ons and then click the super-tiny link at the top of the plug-in list “Check to see if your plugins are up to date”, or you can simply click the link below right now if you are reading this in Firefox.
- Firefox Web Browser — Plugin Check & Updates - Mozilla
I’ve since added a bookmark to that link on my main quick-link bookmark bar in Firefox so I won’t forget to check periodically. However, if you are the forgetful type, you could also add it as a second “home page” tab to automatically open when you launch Firefox each time.
Anyway, when I hit the link, a curiously “out of date” item appeared at the top of my list
This was curious as when I checked my Windows installed programs list, I had Adobe Acrobat Reader X installed, and yep, it was also listed there right below showing current and updated. Hmm.
So I launched my installed version of Adobe Reader X directly and manually checked for updates; nothing. It was fully patched and current.
So I uninstalled/reinstalled a fresh version of it. Rechecked the plug-in status in Firefox. Version 9.5.0 still there. Hmmm.
Time to break out the Naproxen
As I’ve already said, I run a semi-custom “portable” version of Firefox, so next I went over and checked in my \FirefoxPortable\Data\plugins directory and checked. Nope. Empty. This is the location where you can dump copies of plugin files (like for Flash/Shockwave/etc.). On my system Firefox was automatically calling them from their installed location on my system, so my directory there was empty although the plug-ins still worked. Back to this later but in my first troubleshooting process, I copied the most recent patched plug-in files for Adobe Flash, Reader, and Shockwave into that location. No fix. For now, you can reference these PortableApps links if you are curious about including “local to the portable Firefox” plug-in options:
- Installing Plugins (Java, Flash, Shockwave, etc.) - PortableApps.com
- Configuring Helper Apps (PDF reader, document viewers, etc) - PortableApps.com
- Mozilla Firefox, Portable Edition Support - PortableApps.com
So if I only had Adobe Reader X installed, why was Mozilla insisting I was still using Adobe Acrobat plugin for Firefox version 9.5.0?
More research led me to these MozillaZine links:
Neither of these had a direct-fix but in combination with careful reading it put me on the right track for discovering the issue and fixing it.
- First I opened up about:plugins in a new Firefox tab. This provided a technical listing of all my Firefox plug-ins.
- I found that both Adobe Acrobat Reader 9.5.0 and Adobe Acrobat Reader 10.1.2 plug-ins were listed.
- I knew from the first MozillaZine link that the actual Adobe Acrobat Reader plug-in file I was dealing with is named “nppdf32.dll”.
- Unfortunately, the default about:plugins view didn’t contain quite enough detail.
- Using a tip in the second MozillaZine link, I opened up about:config and found the plugin.expose_full_path preference and toggled it to “True”.
- I then reloaded the about:plugins tab and re-examined the two Adobe Reader plugin entries. Voilla!
If you look carefully at the info in that image, you will find that my portable Firefox build was actually loading both the current Adobe Reader 10.1.2 plugin file from the portable “plugins” folder where I had dropped it. However, it had also found and registered (?) the same Adobe Reader file (but outdated version 22.214.171.1240) from an obscure folder location when I had installed a hand-me-down-from-my-brother Adobe Acrobat Pro 9 installation. A really seriously obscure folder location. Gads!
My “fix” was to simply shut down Firefox and wait for all related Firefox processes to terminate. Then I copied the 10.1.2 version of nppdf32.dll over into the same folder that had that old version and overwrite it.
For good measure I also followed the first part of the “method 2” tip on the MozillaZine page for Disabling the browser plugin. This was to Close your Mozilla application, delete the file "pluginreg.dat" from the profile folder location and recheck about:plugins.
Now only the version 10.1.2 Adobe Acrobat Reader plug-in was listed, and as found in my portable “plugins” directory. For the final confirmation I popped over to Firefox Web Browser — Plugin Check & Updates to let it rescan and report.
All the critical plug-ins were now showing Up to Date.
But that wasn’t the end of the story. Claus was on an Adobe product updating search-n-destroy tear now.
There’s More to the Story Here!
Since I knew the names of a few of these critical Windows plug-ins, I did some system-wide scans looking for those files:
- Flash plug-in (for Firefox): NPSWF32.dll
- Shockwave plug-in: np32dsw.dll
- Adobe Reader plug-in: nppdf32.dll
For the Flash plug-in, I discovered 13 instances of the file on my own system in a total of 6 different versions!
So if you normally run the Adobe Flash update installer (for non-IE versions) and expect it to simply and automatically update your Adobe Flash file system-wide, you may be woefully surprised (as I was) that isn’t necessarily going to be true. I guess I need to now copy the “latest” version myself into all those locations to overwrite the present version…assuming the new version is fully compatible with the applications calling it from those locations. That may not be the case!
The Adobe Flash update for IE versions is much simpler to manage. A check in the IE add-ons manager reveals the IE version of Flash is named “Flash11f.ocx”. I found it installed on my system in only one location…where it should be…and it was current.
More details on Adobe Flash plugins/tips/techncials here: Installation problems - Windows Flash Player @ Adobe
Of curious note, that original version for the Chrome plugin folder was also seriously outdated. One of the benefits of using Google Chrome is that it is supposed to automatically keep its own version of Flash updated; Adobe Flash Player plug-in - Google Chrome Help. The Chrome included version is named “gcswf32.dll” but since “NPSWF32.dll” was showing up for some reason rather than the Google Chrome version, I had to copy/paste the newest “NPSWF32.dll” into the folder to overwrite the outdated version with the current patched version.
One more thing to keep an eye on in my 2nd-favorite browser now. Sheesh.
There is lots of good info on that Google Chrome Flash Player link, so I highly recommend you read it, and then follow the following steps to familiarize yourself with the Chrome Plug ins in use as well:
- Type chrome:plugins in the address bar to open the Plug-ins page.
- On the Plug-ins page that appears, find the "Flash" listing.
- To view additional details on the actual plug ins used and their file-path locations, click Details in the upper-right corner of the page to display more technical file/plug in information on the page.
The Shockwave file “np32dsw.dll” fared better. It was found in just two places on my system, the main install location as well as a copy of that original I had placed in my portable Firefox plugins folder
What about the Adobe Reader plugin file “nppdf32.dll”? Better? Mostly.
It was found a total of eight times system-wide in three different versions. The two older versions were in installation “$PatchCache$” folder locations so those didn’t appear likely to be accessed “live”. All the others were at the current patched version so I guess things are better there. IE and Chrome also use that same file (assuming you use Adobe Reader as your plugin and not a different/alternative PDF reader/plugin solution). You can go through the same processes mentioned earlier in both IE and Chrome to confirm that plug-in file/version if you wish.
- How to determine what version of Adobe AIR runtime is installed (Mac, Windows, and Linux) - Adobe
- New Oracle Java and new Shockwave Player - IT Secure Site
Flash for Firefox - Sandbox Beta Edition
And if all this (just the mainstream/public versions of Adobe Flash and keeping it updated/secure) isn’t enough, Adobe now has a “special sauce” version for Firefox that introduces a “sandboxing” feature for added security!
- Adobe releases beta version of sandboxed Flash for Firefox - The H Security
- Adobe AIR and Adobe Flash Player Incubator | 3D Flash APIs - Adobe Labs. From that page:
Flash Player Protected Mode Features
The current Incubator release provides access to Flash Player Protected Mode for Mozilla Firefox on Windows 7 and Windows Vista systems.
Flash Player Protected Mode is a new security enhancement designed to limit the impact of attacks launched from malicious SWF files against Flash Player when running in Firefox on Windows Vista and higher. We are working aggressively to make Flash Player more secure, and Protected Mode is a critical component in our strategy. The current beta targets Windows desktop operating systems. We are working to extend similar protections to other browsers in the future.
Note: The extensive low-level changes made in this beta release may introduce unexpected problems in existing Flash content.
Keeping an Eye on the Updates - Third Party Style
There are a number of third-party tools/sites to also check your system patching for these to various degrees of depth:
- Qualys BrowserCheck - run a plug-in scan on IE, Firefox, or Chrome. Fast and easy. Bookmark this now! On-line scan or browser-specific plug-in versions available.
- The Secunia Online Software Inspector (OSI) - on-line scan for insecure plug-in versions as well as additional common software applications. For a more thorough solution, consider installing Secunia’s Personal Software Inspector (PSI) version.
- FileHippo.com Update Checker - FileHippo.com
I highly recommend you regularly use all of these to do some first-line software patch checking of your Windows system. For a basic starting place, make a note to check all of these locations at least every "Microsoft Black Tuesday” when you are checking for and applying your Windows updates, Mm-kay?
You are checking for and applying your Windows updates right?