Subscriber Discussion

Firefox No Longer Supports 3rd Party Plugins!

Avatar
Joseph Parker
Mar 20, 2017

Firefox version 52 no longer supports 3rd party plugins.  We started getting calls toward the end of last week, and then my workstation updated.  It doesn't ask for permission, just updates.  I can't find any older versions to revert to either, even torrent sites are clean.  The really strange component is that when I transition clients to IE i find the passwords aren't working (LTS and Hik NVRS).  I tested by copying the password and pasting in both browsers, and they work in Firefox but not IE.  Re entering the password in Firefox seems to fix the issue.  This is going to be one hell of a week!  Time to start planning for IE making the same change I guess.  

Avatar
Joseph Parker
Mar 20, 2017

To clarify, I have to access user settings in the firefox browser and reenter the same password, which then allows access through IE.  It's really, really weird. 

UI
Undisclosed Integrator #1
Mar 20, 2017

Firefox have a version that will support plugins until 2018 called Firefox ESR, download here.

Please note, only 32bit version (windows) will support plugins. 

(2)
Avatar
Joseph Parker
Mar 20, 2017

Awesome, thanks!  How did I miss that?

UD
Undisclosed Distributor #2
Mar 20, 2017

Just confirmed this and it's a HUGE development.  If people are unwilling to uninstall their current version of Firefox and update to the ESR version it will effectively limit the use of the majority of security products out there to only one browser, Internet Explorer.  It was pretty big when Chrome dropped NPAPI plug-ins and now Firefox.  I wonder if the manufacturers were aware of this development???

(2)
(1)
Avatar
Sean Nelson
Mar 20, 2017
Nelly's Security

I know, sad day. Firefox was my surveillance browser of choice for so long. Now we have to go to internet exploder.

 

Hope this is a wake up call to manufacturers, get your stuff to work in chrome and FF please!!!

(3)
U
Undisclosed #4
Mar 21, 2017

Hanwha is woke!

RO
Ryan O'Daniel
Mar 20, 2017
IPVMU Certified

While reading this article this happened...

(4)
Avatar
John Scanlan
Mar 20, 2017
IPVM • IPVMU Certified

Joseph - I just checked IE and it worked.  If you have other problems let me know - happy to help.

UD
Undisclosed Distributor #2
Mar 20, 2017

This raises a question, is anyone working with a manufacturer that is utilizing HTML5 instead of plug-ins?  We've been trying to get HTML5 as part of these devices for the past 2 years but no one would even consider it.  I thought that when Chrome dumped NPAPI plug-ins that it would be a wake up call and development would be hastened to find a solution, but these manufacturers don't seem interested at all and would be just as happy to have everyone still using ActiveX controls with IE.  I guess once the first one develops a working copy then they can all steal, I mean pirate, no I mean share it with each other.

 

(1)
UD
Undisclosed Distributor #7
Mar 20, 2017

I've asked every manufacturer I've talked to for the last 2-3 years about this... One thing I've noticed is that Chinese MFGs aren't so much actual partners that care about your market intelligence & suggestions and are interested in improving their products (just buy more now!). So they all brushed it off and none of them worked on this. I hope they're all reading this now because- "I told you so!"

(3)
Avatar
Joseph Parker
Mar 20, 2017

I just installed ESR, it was super easy.  I'm sending out a mass email, essentially telling my clients we are kicking the can down the road a year.  So what next?  

KE
Kahn Ely
Mar 20, 2017
(4)
UI
Undisclosed Integrator #3
Mar 20, 2017

What happens to the customers I have using Apple products? Can they get IE?

 

(1)
Avatar
Ethan Ace
Mar 20, 2017

For those using Firefox with Hikvision, question: How were you viewing video before this new version?

I just went back to version 40 and can't get the Hikvision web components to install (so no video).

RO
Ryan O'Daniel
Mar 21, 2017
IPVMU Certified

I used Firefox exclusively until the update.  It was update 52.0 that disabled NPAPI-Plugins.  Try going to 51.0

U
Undisclosed #4
Mar 21, 2017

You can fix this in about:config

 

https://support.mozilla.org/t5/Videos-sound-pictures-and/Windows-Media-or-other-plugins-stopped-working-after-Firefox/ta-p/19391

RO
Ryan O'Daniel
Mar 21, 2017
IPVMU Certified

This doesn't work.  Firefox disabled NPAPI plugins which is different than most 3rd party plugins.

 

Good info though!

UM
Undisclosed Manufacturer #5
Mar 21, 2017

What you mean of "3rd party plugins" ?
I'm still using a lot of plugins after ver. 52

RO
Ryan O'Daniel
Mar 21, 2017
IPVMU Certified

There seems to be some confusion here.  Not all 3rd party plugins are disabled.  Only the NPAPI plugin (which allowed for streaming video) was disabled in the recent 52.0 update. 

 

 

Here's a link to the change log for the update: https://www.mozilla.org/en-US/firefox/52.0/releasenotes/

Here's a link explaining NPAPI and why they have removed support for it in the general version (not ESR): https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/

(2)
UD
Undisclosed Distributor #2
Mar 21, 2017

Very good point Ryan.  Only NPAPI plug-ins are disabled because they operate in a very unsecured fashion within a browser.  But, with having not seen any of the manufacturers within this industry having developed with an alternative such as HTML5, it pretty much encompasses all of their products.

This just keeps emphasizing the point that these manufacturers are not concerned with security or keeping up to date with anything involved with it.  This change has been published as coming for a long time and Chrome did it in 2015.  They just keep schlepping out the same stuff built in 2010 and we keep lapping it up because it's cheap and easy to do so and nobody wants to fight the fight to make them produce a better product if it will cost them that bit of change.

Try this, at ISC West in a few weeks, ask all the manufacturers if they've done any research into HTML5 or replacing these archaic plug-ins, I'm sure almost all will look at you the way your dog does when you ask it to solve calculus equations.  I'll keep saying it until my eyes bleed (which is about 10 minutes away I think) this industry and these manufacturers have never embraced making a secure product and now that it's coming out more and more every day, they have no answers, only feints and distractions in hopes that some other shiny object will distract everyone's attention in the next few days.

 

Avatar
Ari Erenthal
Mar 21, 2017

Try this, at ISC West in a few weeks, ask all the manufacturers if they've done any research into HTML5 or replacing these archaic plug-ins, I'm sure almost all will look at you the way your dog does when you ask it to solve calculus equations.

Sounds like a plan. 

(1)
RM
Ryan Masters
Mar 21, 2017

Hanwha Q, X, and P series can be used without plugin. So can our new recorders.

Download our HTML5 whitepaper.

 

https://www.hanwhasecurity.com/resources/white-papers.html

UM
Undisclosed Manufacturer #6
Mar 21, 2017

We have seen the train coming for over two years and are actively developing a solution.  Unfortunately, there is no "magic" bullet yet.  One example is WebRTC does not support H.265.

UD
Undisclosed Distributor #7
Mar 21, 2017

No, there's no magic bullet. But there is an alternative that is already available.

(1)
UD
Undisclosed Distributor #2
Mar 21, 2017

It would just seem that the train was seen coming over 2 years ago and yet these multi-billion (yes with a B) dollar companies have made no effort to move the car out of the RR crossing zone.  I guess when every penny is spent finding cheaper and cheaper components and figuring out how to make the old stuff work on said components that there's no room for looking to the future.

(1)
RO
Ryan O'Daniel
Mar 27, 2017
IPVMU Certified

I found a temporary fix for this issue:

open a new browser tab in firefox
1. enter the following: about:config
2. you will be prompted with a security warning, accept
3. right click on the screen over one of the existing commands and go to "New" then select "Boolean"
4. enter the following: plugin.load_flash_only
5. accept/ok
6. set tag to "false"
7. accept/ok
8. press "shift+F2" to open command line
9. type "restart"
10. this will force firefox restart and when it comes back up you should be good to go

(1)
WM
Will McCubbins
Mar 29, 2017

I think this was caused by the dropping of something called netscape. Firefox was the last browser using this protocol besides internet explorer. I would say this is a good thing. It may be negative at the moment but it should force innovation from security vendors. 

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions