Firefox version 52 no longer supports 3rd party plugins. We started getting calls toward the end of last week, and then my workstation updated. It doesn't ask for permission, just updates. I can't find any older versions to revert to either, even torrent sites are clean. The really strange component is that when I transition clients to IE i find the passwords aren't working (LTS and Hik NVRS). I tested by copying the password and pasting in both browsers, and they work in Firefox but not IE. Re entering the password in Firefox seems to fix the issue. This is going to be one hell of a week! Time to start planning for IE making the same change I guess.
Firefox No Longer Supports 3rd Party Plugins!
To clarify, I have to access user settings in the firefox browser and reenter the same password, which then allows access through IE. It's really, really weird.
Firefox have a version that will support plugins until 2018 called Firefox ESR, download here.
Please note, only 32bit version (windows) will support plugins.
Just confirmed this and it's a HUGE development. If people are unwilling to uninstall their current version of Firefox and update to the ESR version it will effectively limit the use of the majority of security products out there to only one browser, Internet Explorer. It was pretty big when Chrome dropped NPAPI plug-ins and now Firefox. I wonder if the manufacturers were aware of this development???
I know, sad day. Firefox was my surveillance browser of choice for so long. Now we have to go to internet exploder.
Hope this is a wake up call to manufacturers, get your stuff to work in chrome and FF please!!!
While reading this article this happened...
Joseph - I just checked IE and it worked. If you have other problems let me know - happy to help.
This raises a question, is anyone working with a manufacturer that is utilizing HTML5 instead of plug-ins? We've been trying to get HTML5 as part of these devices for the past 2 years but no one would even consider it. I thought that when Chrome dumped NPAPI plug-ins that it would be a wake up call and development would be hastened to find a solution, but these manufacturers don't seem interested at all and would be just as happy to have everyone still using ActiveX controls with IE. I guess once the first one develops a working copy then they can all steal, I mean pirate, no I mean share it with each other.
I've asked every manufacturer I've talked to for the last 2-3 years about this... One thing I've noticed is that Chinese MFGs aren't so much actual partners that care about your market intelligence & suggestions and are interested in improving their products (just buy more now!). So they all brushed it off and none of them worked on this. I hope they're all reading this now because- "I told you so!"
I just installed ESR, it was super easy. I'm sending out a mass email, essentially telling my clients we are kicking the can down the road a year. So what next?
As an FYI to anyone who needs an older version of Firefox, every version is available here
What happens to the customers I have using Apple products? Can they get IE?
For those using Firefox with Hikvision, question: How were you viewing video before this new version?
I just went back to version 40 and can't get the Hikvision web components to install (so no video).
I used Firefox exclusively until the update. It was update 52.0 that disabled NPAPI-Plugins. Try going to 51.0
You can fix this in about:config
https://support.mozilla.org/t5/Videos-sound-pictures-and/Windows-Media-or-other-plugins-stopped-working-after-Firefox/ta-p/19391
This doesn't work. Firefox disabled NPAPI plugins which is different than most 3rd party plugins.
Good info though!
What you mean of "3rd party plugins" ?
I'm still using a lot of plugins after ver. 52
There seems to be some confusion here. Not all 3rd party plugins are disabled. Only the NPAPI plugin (which allowed for streaming video) was disabled in the recent 52.0 update.
Here's a link to the change log for the update: https://www.mozilla.org/en-US/firefox/52.0/releasenotes/
Here's a link explaining NPAPI and why they have removed support for it in the general version (not ESR): https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
Very good point Ryan. Only NPAPI plug-ins are disabled because they operate in a very unsecured fashion within a browser. But, with having not seen any of the manufacturers within this industry having developed with an alternative such as HTML5, it pretty much encompasses all of their products.
This just keeps emphasizing the point that these manufacturers are not concerned with security or keeping up to date with anything involved with it. This change has been published as coming for a long time and Chrome did it in 2015. They just keep schlepping out the same stuff built in 2010 and we keep lapping it up because it's cheap and easy to do so and nobody wants to fight the fight to make them produce a better product if it will cost them that bit of change.
Try this, at ISC West in a few weeks, ask all the manufacturers if they've done any research into HTML5 or replacing these archaic plug-ins, I'm sure almost all will look at you the way your dog does when you ask it to solve calculus equations. I'll keep saying it until my eyes bleed (which is about 10 minutes away I think) this industry and these manufacturers have never embraced making a secure product and now that it's coming out more and more every day, they have no answers, only feints and distractions in hopes that some other shiny object will distract everyone's attention in the next few days.
Try this, at ISC West in a few weeks, ask all the manufacturers if they've done any research into HTML5 or replacing these archaic plug-ins, I'm sure almost all will look at you the way your dog does when you ask it to solve calculus equations.
Sounds like a plan.
Hanwha Q, X, and P series can be used without plugin. So can our new recorders.
Download our HTML5 whitepaper.
https://www.hanwhasecurity.com/resources/white-papers.html
We have seen the train coming for over two years and are actively developing a solution. Unfortunately, there is no "magic" bullet yet. One example is WebRTC does not support H.265.
No, there's no magic bullet. But there is an alternative that is already available.
It would just seem that the train was seen coming over 2 years ago and yet these multi-billion (yes with a B) dollar companies have made no effort to move the car out of the RR crossing zone. I guess when every penny is spent finding cheaper and cheaper components and figuring out how to make the old stuff work on said components that there's no room for looking to the future.
I found a temporary fix for this issue:
open a new browser tab in firefox
1. enter the following: about:config
2. you will be prompted with a security warning, accept
3. right click on the screen over one of the existing commands and go to "New" then select "Boolean"
4. enter the following: plugin.load_flash_only
5. accept/ok
6. set tag to "false"
7. accept/ok
8. press "shift+F2" to open command line
9. type "restart"
10. this will force firefox restart and when it comes back up you should be good to go
I think this was caused by the dropping of something called netscape. Firefox was the last browser using this protocol besides internet explorer. I would say this is a good thing. It may be negative at the moment but it should force innovation from security vendors.
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.