Forum Thread: VLC media player plugin

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
VideoLAN
And, this specific program:
VLC media player 1.x

This thread has been marked as locked.
Peter J. Poodle VLC media player plugin
Member 27th Oct, 2010 11:25
Ranking: 0
Posts: 1
User Since: 2nd Jan, 2010
System Score: N/A
Location: N/A
When installing VLC media player, I elected not to install the browser plugins; yet, Secunia PSI 2.0 Beta still detects the plugin as being installed.

When I look at the plugin tab in Firefox, VLC is not listed.

Why does Secunia PSI detect the plugin as being installed?

Is Firefox really insecure if the plugin is not installed?

When I doubleclick on the insecure plugin listed on the secure browsing page, it opens a reference to the actual vlc program ("C:\Program Files (x86)\VideoLAN\VLC\vlc.exe").

I'm running Windows 7 64-bit version.
Firefox 3.6.11

This user no longer exists RE: VLC media player plugin
Secunia Official 27th Oct, 2010 12:41
Hi

It's true that only the Mozilla plugin is vulnerable (which must be manually selected during the installation of VLC).

Currently we only detect VLC Media Player and not the plugin separately.

Our reason for this is that the fix will most likely come in a regular VLC release which will first uninstall the old plugin, along with the old VLC installation (and then you must manually select the plugin again during the installation).

If the plugin had been available as a standalone program, then we would add it as a separate program.
kseventy RE: VLC media player plugin
Member 29th Oct, 2010 15:27
Score: 0
Posts: 1
User Since: 5th Aug 2008
System Score: N/A
Location: UK
If this is a Mozilla only issue then why does IE8 show VLC media player 1.x as insecure within PSI?
Was this reply relevant?
+0
-0
This user no longer exists RE: VLC media player plugin
Secunia Official 1st Nov, 2010 10:47
on 29th Oct, 2010 15:27, kseventy wrote:
If this is a Mozilla only issue then why does IE8 show VLC media player 1.x as insecure within PSI?


Currently we detect VLC 1.x as insecure because we do not detect the Mozilla plugin as a separate product.

Since VLC 1.x has plugins for the IE as well, it's also affecting IE and other browsers.

If you have not installed the Mozilla plugin, you should not be affected by the vulnerability, even if the PSI gives you the insecure warning.

Sorry for the inconvenience.

This thread has been marked as locked.