Forum Thread: Adobe Flash plugin detection

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
tgmct Adobe Flash plugin detection
Member 3rd Aug, 2010 08:55
Ranking: 0
Posts: 28
User Since: 3rd Aug, 2010
System Score: N/A
Location: US
I have a Win XP SP3 environment (32 bit) with a number of web browsers installed. I have both of the Adobe Flash modules installed on this system to support all of them (active X and mozilla based). For some reason PSI does not recognize that the Adobe Flash plugin is used with the Opera 10.x and SeaMonkey 2.x web browsers. The Flash plugin is working in all my browsers (verified). PSI does recognize that Flash is used with MSIE, Firefox, and Safari though. Another diddly is the fact that Opera uses its own java engine instead of the Sun engine that is displayed in the Opera browser module list.

This user no longer exists RE: Adobe Flash plugin detection
Member 3rd Aug, 2010 09:31
Hi,

Is flash shown for the other browsers if you rescan?
Was this reply relevant?
+0
-0
tgmct RE: Adobe Flash plugin detection
Member 3rd Aug, 2010 10:20
Score: 0
Posts: 28
User Since: 3rd Aug 2010
System Score: N/A
Location: US
on 3rd Aug, 2010 09:31, wrote:
Is flash shown for the other browsers if you rescan?


Yes, Adobe Flash is displayed as present for MSIE, Firefox, and Safari and has never been an issue with these. It is not in the plugin list for Opera 10.x or SeaMonkey 2.x even though it is operational in both browsers. Also, be aware that most web browsers are looking at a common install location that is NOT under the browser directory tree. In other words, most of the plugins are not installing themselves in the \Program Files\<browser name>\plugins directory any more. My guess is that PSI may be doing the same thing but for some reason someone forgot to add the Flash plugin to the list of possibilities for SeaMonkey or Opera.
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe Flash plugin detection
Member 3rd Aug, 2010 10:29
Hi,

Your reply still left me somewhat unsure, so could you please be exact, have you rescanned *right now*, and if so, does Flash show up for all browsers that have the plugin installed?
Was this reply relevant?
+0
-0
tgmct RE: Adobe Flash plugin detection
Member 3rd Aug, 2010 11:19
Score: 0
Posts: 28
User Since: 3rd Aug 2010
System Score: N/A
Location: US
Lets try to explain this a little differently and maybe you will understand...

Adobe Flash used to install itself into the individual plugin directories for each browser. This used to be the somewhat standard practice for most plugins in the past. With all of the different browsers that have come on the scene in the past couple of years, Adobe decided to change their installation process and only install the plugin in a central location. It became the responsibility of the web browser vendors to go lookup compatible plugins in the registry and link each of them into the browser at run time. It's not just Flash that's doing this but other applications/environments such a Acrobat Reader, Sun/Oracle Java, and some others are doing the same thing. This is not a consistent thing where some vendors continue to use the old school method (Apple Quicktime is a good example).

Now I'm talking about the module lists that appear in the "Secure Browsing" tab of PSI. Adobe Flash shows in my machine's browser lists for MSIE, Safari, and Firefox. It does not show up in the lists for Opera or SeaMonkey. By comparison Acrobat Reader shows up in all of the browser lists. Neither one of these plugins are installed in the individual browser plugin directories.

I certainly understand the challenge that your developers are facing where the number of different installation methods for software applications are very diverse to say the least. My guess is that PSI is probably doing a similar thing at scan time to go through the registry and a number of other possible file locations and configuration files and then worm its way through a matrix of rules and then evaluate the possibilities to come up with the Secure Browsing list. I suspect that the Flash application might be missing from some of the PSI matrix rules for a couple of the browsers. OK, all of this is somewhat of a guess on my part but it comes from a day when I used to spec out and write code that was just as convoluted (maybe worse). It's just a necessity of the software environment that Microsoft painted us into the corner with. The totally inconsistent methods used to perform patching is even more difficult to evaluate and apply. Yes, I know the territory.

Does this explanation help?
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe Flash plugin detection
Member 3rd Aug, 2010 11:23
Last edited on 3rd Aug, 2010 11:24 Hi,

The explaination wasn't really necessary. I just need to know whether you've rescanned, and checked the Secure Browsing tab again.

If you want to understand how the Secunia PSI works, have a look here:
http://secunia.com/vulnerability_scanning/personal...
Was this reply relevant?
+0
-0
tgmct RE: Adobe Flash plugin detection
Member 3rd Aug, 2010 18:15
Score: 0
Posts: 28
User Since: 3rd Aug 2010
System Score: N/A
Location: US
Yes, the machine was scanned yet again with the same results.
Was this reply relevant?
+0
-0

This thread has been marked as locked.