Web Plugin 2.0.8 Not Installing Firefox

[SevenFactors]

Hello World.

I just upgraded VLC from 2.0.6 to 2.0.8. As usual I have the wizard install the Mozilla web plugin yet this time around the wizard is failing to install the web plugin, Firefox is still showing VLC VLC media player Web Plugin 2.0.6.

Are there issues with the VLC win32 wizard?

This is on a Windows 7 64bit machine.

[Sleepwalker3]

I also have this same problem, VLC 2.0.8 is installed, but the plug-in still shows as 2.0.6.0

Running Vista 32 SP1 FF22 and now FF23 (both had the same problem)

Can anybody advise please?

[CyberGranni]

I too have the same problem. Just downloaded 2.0.8 and now there is no extension or plug-in for it in Firefox. Running Windows 7 on a 64 machine.

[Voynich]

Same here.Seems that vlc.exe is version 2.0.8 ,but the web plug-in file, npvlc.dll is the old version 2.0.6. Firefox is saying it is vulnerable and needs to be updated.
Running Win 7 ultimate 64 and FF 23.0.

[funman]

Sorry people, this just shows that Mozilla people are stupid.

What is vulnerable is the VLC version and not the plugin, Mozilla should check VLC version and not plugin version.

If you are on 2.0.8 you are safe.

[mbgtmari]

Same problem here. Running vlc-2.0.8-win32(1) on Windows 7 professional (64bit) and FF 23.0. 1. When I'm checking my plugins Mozilla tells me my plug-in shown as 2.0.6.0 is outdated but clicking on the ”Update now” arrow doesn't update it What happens is I'm taken to the VideoLAN.org site where I can download the newest version of VLC a second time.

EDIT I've just found this thread: https://forum.videolan.org/viewtopic.php?f=2&t=113063
And I'm going to do exactly as Xircal did: disable the FF plugin for the time being, looking forward to a solution to the problem.

[Voynich]

Sorry people, this just shows that Mozilla people are stupid.

What is vulnerable is the VLC version and not the plugin, Mozilla should check VLC version and not plugin version.

If you are on 2.0.8 you are safe.

Can you give me some informations about what was vulnerable in VLC 2.0.6 ?
I don´t understand why the player should cause any problems,it´s the plugin what´s been used from firefox.
Or do you mean the checkmethod of Mozilla is not correct and if they check the version no warning would appear?

[Jean-Baptiste Kempf]

Or do you mean the checkmethod of Mozilla is not correct and if they check the version no warning would appear?

Yes.

The plugin is unchanged between 2.0.6 and 2.0.8. The security issues are on the libraries. Mozilla, should have contacted us, before doing things without checking...

[Voynich]

Ok,thank you for these infos.Maybe we get rid of this problem when version 2.1. appears.

[Jean-Baptiste Kempf]

Yes.

[Chad.Farmer]

Sorry people, this just shows that Mozilla people are stupid.

What is vulnerable is the VLC version and not the plugin, Mozilla should check VLC version and not plugin version.

If you are on 2.0.8 you are safe.

To avoid confusing users, I suggest you reconsider your policy for built-in version identification. When I install a 2.0.8 package, I expect the package to be 2.0.8 regardless of the detailed change history of individual files.

After installing VLC 2.0.8, libvlc.dll and libvlccore.dll identify themselves as 2.0.6, not just npvlc.dll. Of course there are >200 .dll files beneath the VLC installation folder that do not contain version identification (as reported by Windows Explorer). The 2.0.8 release installs a VLC folder containing 6 files that have build-in version identification. Only 2 of the files say 2.0.8 while the other 4 say 2.0.6.

I have no connection to Mozilla, but expecting the plugin you provide to interface with Firefox to identify the installed VLC version seems reasonable to me. Or perhaps I'm also just stupid.

[Jean-Baptiste Kempf]

The Mozilla plugin uses a different way of finding the version that is totally unrelated to the dll versionning.

[BBm]

Mozilla reads the version in the DLL. Do you know another way without knowing about relations between software modules.
Firefox doesn't know vlc, it only knows the plugin. And this is version 2.06!

[Rémi Denis-Courmont]

Sorry people, this just shows that Mozilla people are stupid.

What is vulnerable is the VLC version and not the plugin, Mozilla should check VLC version and not plugin version.

If you are on 2.0.8 you are safe.

To avoid confusing users, I suggest you reconsider your policy for built-in version identification.

The version number of the web plugin is the version number of the web plugin. You can run version 2.0.6 of the web plugin on top of version 2.0.4 of the library (libvlc.dll) if you want. They are linked dynamically afterall. Similarly, you can keep using an old libvlc.dll and selectively update plugin DLLs and since security issues are almost always within plugins, some people do just that.

All in all, the version number of the web plugin says absolutely nothing regarding the freshness of the library, and the version of the library says nothing of the freshness of the plugins and the underlying open-source components.

When I install a 2.0.8 package, I expect the package to be 2.0.8 regardless of the detailed change history of individual files.

This makes no sense whatsoever. The VLC installer is the combination of tens of different open-source packages, each with its own version number. Most of them are not even maintained by the VideoLAN team. Keeping the same master version number for all of them is essentially impossible.

After installing VLC 2.0.8, libvlc.dll and libvlccore.dll identify themselves as 2.0.6, not just npvlc.dll.

Last I checked, Windows did not have the same version number in all of its DLLs either.

[Jean-Baptiste Kempf]

Mozilla reads the version in the DLL.

Not at the place you think it does.

[piskozub]

"Sorry people, this just shows that Mozilla people are stupid."

Saying such things on a public forum is... well, immature.

I was once involved with mozilla.com as a volunteer. I built Firefox hundreds of time on Windows and Linux. This is why I know the reason for this culture clash.

Yes, this is an misunderstanding and it comes from the difference in the way Mozilla products (including Firefox) and VLC are being built. Mozilla has a fully automatic build system. You enter the version number only once and every module and library will show the same version. This has nothing to to with the fact they have been changed. Therefore Firefox engineers expect that if you check the number of one library (for example the plugin), you know the version number of the whole product.

You may call that stupid but why does it work with every other plugin checked by Firefox? In fact, this is a rhetoric question.

[Rémi Denis-Courmont]

The problem is not checking the plugin version.

The problem is requiring a plugin version (2.0.8 ) that never existed and never even was announced by VideoLAN. I must agree with Rafaël that this is indeed stupid. Basically, someone just input some VLC plugin version number somewhere in Firefox code or database without even checking that it made sense.

So right, we now get a huge pile of incorrect bug reports and support requests become some, which we have to deal with on our free time. We have every reasons to be pissed.

[affinityv]

This problem is not unique to the VLC plugin, I regularly see issues with Adobe plugins on various versions of Windows when I update client machines; you update the "out of date / vulnerable" software and the plugin checker doesn't /agree/ that the upgrade has taken place....

[Ludrax]

Putting Users in Control of Plugins

I regularly see issues with Adobe plugins on various versions of Windows when I update client machines

did you know Security is the prime concern with Firefox support.

[affinityv]

Putting Users in Control of Plugins

I regularly see issues with Adobe plugins on various versions of Windows when I update client machines

did you know Security is the prime concern with Firefox support.

I do appreciate that Firefox support takes security as a prime concern, but when the plugin checker gets it wrong, then the plugin checker gets less trusted and ordinary users will be lost ... and let's face it, too many /ordinary/ users (the majority), have no idea that plugin checker even exists. The plugin check must be accurate, reliable and trustworthy.

[Rémi Denis-Courmont]

The fact is that the Mozilla Firefox is checking, depending on your perspective, for an inexistant version 2.0.8 of the VLC web plugin, or for version 2.0.8 of LibVLC in the wrong place.

[HatGuy]

Having worked on projects that were much more modest than vlc, I am sympathetic to developers' frustrations. But . . .

Firefox lets itself be extended by plug-ins and add-ons that, among other things, are not on a list of potential security risks. Apparently, VLC 2.0.6 was on the list.

Clicking Firefox's "Update Now" button for VLC yields a download named vlc-2.0.8-win32.exe that behaves like every other VLC installer I've used.

Some files in vlc-2.0.8-win32.exe report that their version is 2.0.6, which is on Firefox's list of security risks, so Firefox reports the current VLC version as 2.0.6 even though version 2.0.8 was just installed and is listed in the registry.

I'm sympathetic to your frustrations, but for all I know Firefox tests files and the registry, and flags extensions that report more than one version. How could Firefox _easily_ know which of more than one version was correct, or that the vulnerability was in a library rather than some other kind of file?

Bottom line: Asking VLC developers to run a script that updates all files' versions before packaging them for download seems more reasonable than asking Firefox developers to complicate a process that lets VLC reach users who would more or less happily use a less-capable substitute if VLC was not available.

Justs one guy's two cents.

I run Windows 7 Starter on a netbook, Pro on two desktops, and Enterprise on a desktop (all are fully updated), Firefox 23.0.1, and VLC 2.0.6 / 2.0.8.

Best,

HatGuy

[Rémi Denis-Courmont]

The point is that Firefox guys did not test what they were doing there, and their assumptions were wrong. And it is the VLC users and developers that suffer the consequences.

So of course, we are pissed.

[DrWattsOn]

I held off until today to update Firefox 22 to 23, to give time for bugs to be ironed out. While I could certainly learn to code, I choose not to. However, I find that so far, these "coders" who have indeed created some wonderful products, have engaged in a war that ignores the User. It is me, the User, that you are supposed to be concerned about "impressing" and now I find that, after two re-installs of VLC 2.0.8, I checked all the Firefox info and went to the VLC install directory and voila! There it sits, several dll's ver 2.0.6. So ok, have your war with MozDev, with whom in this instance I agree: Change a program ver: change the dll "Details" to match. And yes, what a headache .
Meanwhile, please, have the courtesy to address the User (that be ME!) and let me know if it's ok to just ignore Firefox 23's complaints re the VLC plugin, that probably is still just as safe as ever. Or must I disable it?
DrWattsOn
PS I am a LONG time user of VLC, and I am amazed at that program and what I am allowed to do using it. You can check that in your donations.

[noobishnoob]

I have a solution for people that I just did to get the correct version to display in firefox. I manually edited the version number after I uninstalled my old version and installed the new 2.0.8 version.
I downloaded Heaventools Visual Resource Tuner. After installing this software that has a 30 day free trial I ran the program. I opened this file npvlc.dll located on my pc by default install path c:\Program Files\VideoLAN\npvlc.dll. Using this program manually change all the 2.0.6 information you see to 2.0.8. Save and all finished. Restart firefox and check your updates, it will display 2.0.8 up-to-date.

Basically I just changed the version number of the file npvlc.dll from 2.0.6 to 2.0.8 seeing as this is the plugin that Firefox uses to check the version info from. Took me no more than 15 seconds to do either. Hope this helps people like me that want to see everything up to date.