Report Vulnerable Plugins


CD should show vulnerable plugins (see screenshot).

For example, major vulnerabilites should be highlighted as red and minor could be orange (or yellow in this example). Plugins that are green are not vulnerable. This page should also give you the option to disable any plugins and also alert you to any updates that may fix the vulnerablity.


[attachment deleted by admin]

That’s quite complex. It means pulling all the CVEs into Dragon and separating out which plugins you have and going from there or Dragon submits a list of plugins to Comodo and we report back the findings, which we at Comodo find. (It would need to be updated daily). It would take a lot of resources to do and might be a bit a of a privacy concern. :stuck_out_tongue:

Perhaps something among the lines of Mozilla’s Helping users keep plugins updated? (though it looks the do plenty more now)

Perhaps no complex parsing would be involved if list of plugins would be restricted to the most frequently exploited ones, this way it would be possible to setup an https feed and have Dragon parse it on the client-side.

The plugin list could be checked each time Dragon is lauched and downloaded only if outdated (eg by comparing the hash of the local version)

Users could be notified using a dynamically generated page which explain the benefit of such practice but provide them an option to disable it as well.

Even an online notification version looks possible.

if they do an online version of plugin update checks then a link to the plugin check site needs to be in somewhere in the browser its self like how firefox 3.6 was. firefox 4 and 5 took the link out to check plugins and currently is only able to check extensions for updates which is really stupid on mozillas part. so right now the only way to check for updates to plugins using mozillas update page with firefox is to know the site and go to it manually. mozillas plugin check site works with other browsers so you guys could post a link to their site within dragon its self until you get your own implemintation