Possible to prevent Firefox from loading two versions of Flash, without disabling PLID scan?
Our IT department—what a great way to start a question—does not roll out regular updates for Flash. To bridge this security gap for Firefox on my work computer, I copy the following files:
from C:\Windows\System32\Macromed\Flash on another machine and paste them to C:\Users\<myusername>\AppData\Roaming\Mozilla\Plugins on my work machine. When Firefox starts, it scans the various locations (http://kb.mozillazine.org/Plugin_scanning) and finds both this version and of course the outdated version originally installed, which IT does not update (currently 18.104.22.168). This effectively updates Flash, and until IT finds a solution to distribute updates I'll have to continue to update Flash manually (Java is unfortunately not so easy to fix), but still leaves me with a problem.
My perceived problem is that Firefox still scans the default installation directory of Flash and thus finds the outdated version. Under Add-ons > Plug-ins, I can select from "Ask to Activate," "Always Activate" and "Never Activate." If I select "Ask to Activate" for the current version (22.214.171.124) and "Never Activate" for the old version (126.96.36.199), upon restarting Firefox it sets both to "Ask to Activate." I conclude that Firefox does not treat separate Flash versions independently. Since constantly being prompted to activate Flash is bothersome, I could just set both to "Always Activate," but that leaves an old, even-more-compromised-than-the-current version of Flash activated.
The best solution, I suppose, would be to uninstall the outdated version of Flash, but I don't have the administrative rights to do so, and don't want to pester our IT administrators. I could prevent Firefox from scanning the directories specified in the Windows registry for PLIDs (see above link), but this would prevent it from finding my also-outdated-but-only-installed Java Plug-In, which I keep thinking I need. The behavior I'm after is to prevent Firefox from scanning or finding the old Flash version, while still finding my Java Plug-in. How could I go about this?
Additional System Details
- Shockwave Flash 12.0 r0
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Shockwave Flash 11.1 r102
- Fortinet SSL VPN FortiControl Firefox Plugin
- Fortinet SSL VPN CacheClean Firefox Plugin
- User Agent: Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0
Maybe you can check the pluginreg.dat file to see if you can disable/remove the other Flash plugin and make the file read-only to prevent changes.
You can use this button to go to the Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
Modified by cor-el