Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Microsoft Windows specific usage questions
Forum rules
Please post only Windows specific questions in this forum category. If you don't know where to post, please read the different forums' rules. Thanks.
Neilium
New Cone
New Cone
Posts: 6
Joined: 28 Aug 2013 17:16

Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Neilium » 28 Oct 2014 15:46

Hi folks,
Sorry if this has already been addressed elsewhere, but I could not find anything in a search.

I have downloaded and installed the latest version of VLC (2.1.5) and have absolutely no problems with it.
The reason I'm posting here is because of a recurring problem with my browser.
I use Mozilla Firefox (current/latest version 33.0.1) and a plugin check reports VLC as being "vulnerable", showing the version to be "2.1.3".

I have repeatedly DL v2.1.5 and installed it several times, but the FF plugin check still reports v2.1.3.

Then I did a little checking of my own and found that the VLC Web Plugin (in Windows) shows that "NPVLC.DLL" is indeed still Product Version 2.1.3!
(I am going to try to attach a screenshot of this, if I can figure out how to do it.) <g>

Are there any plans to update this DLL?
Thanks in advance!

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Rémi Denis-Courmont » 28 Oct 2014 16:08

Firefox is checking the wrong value, or rather it is expecting the wrong value.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Neilium
New Cone
New Cone
Posts: 6
Joined: 28 Aug 2013 17:16

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Neilium » 29 Oct 2014 01:01

Hi, and thank you for replying!

Unfortunately, I have no idea what you mean by your answer.
Are you saying that version 2.1.3 is still supposed to be the current version and if so, what is the purpose of version 2.1.5 then???

If not, please explain?

Also, do you have any idea how to post an attachment here to my post? I'd like to show a small JPG screenshot.

Thanks in advance! :-)

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Rémi Denis-Courmont » 29 Oct 2014 07:43

There is no version "2.1.5" of the browser plugin. The last version of the browser plugin is "2.1.3".
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Neilium
New Cone
New Cone
Posts: 6
Joined: 28 Aug 2013 17:16

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Neilium » 29 Oct 2014 16:43

[sigh] Yes, I see that!
Why would the newest version (2.1.5) have an old v2.1.3 plugin?

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Rémi Denis-Courmont » 29 Oct 2014 17:21

Because the plugin and the player have different release schedules? Because the plugin rarely needs updates?
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Neilium
New Cone
New Cone
Posts: 6
Joined: 28 Aug 2013 17:16

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Neilium » 29 Oct 2014 17:25

OK, never-mind... Thank you for your time.

Pat_lan
New Cone
New Cone
Posts: 1
Joined: 10 Nov 2014 18:44

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Pat_lan » 10 Nov 2014 19:31

Hi.

I understood that the VLC plugin version is always 2.1.3, whilst Videolan current version is 2.1.5
But is the 2.1.3 version of the VLC plugin really vulnerable, as Firefox reports it ?
If yes, what are the risks ?

Best regards.

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Rémi Denis-Courmont » 10 Nov 2014 19:57

I am not aware of any security issue recently fixed in the VLC browser plugin.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

spameur
New Cone
New Cone
Posts: 2
Joined: 14 Nov 2014 00:46

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby spameur » 14 Nov 2014 01:00

So update the plugin version... please.
Merci d'avance, on gagnera tous du temps... :?

Ludrax
Big Cone-huna
Big Cone-huna
Posts: 568
Joined: 07 Jul 2010 14:28

Break the Rules

Postby Ludrax » 14 Nov 2014 01:09

Also, do you have any idea how to post an attachment here to my post? I'd like to show a small JPG screenshot.
:arrow: viewtopic.php?f=14&t=113077
An' if ain't broke, then don't try to fix it...

marrazzo
New Cone
New Cone
Posts: 2
Joined: 23 Nov 2014 15:55

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby marrazzo » 23 Nov 2014 16:18

I am here for the same issue as Neilium.
Evidently I am not alone since there are a number of post inquiring about this matter, and a good number of views for each of these posts.

There really is no good reason to keep the plugin as a separate version number since the plugin operates with the VideoLAN application. It creates confusion and unnecessary concerns. You could point the finger at Mozilla for noticing that your version numbering system is aberrant, but I would ask that you unify the numbering systems between these VideoLAN product which operate interdependently and are delivered simultaneously from your servers.

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Postby Rémi Denis-Courmont » 23 Nov 2014 17:22

They are not interdependent. VLC does not depend on the plugin at all. And the plugin version does not have to match its "contemporary" VLC version. You can very well use plugin version 2.1.3 with VLC 2.1.0 or obviously VLC 2.1.5 with plugin 2.1.3.

Changing the plugin version number blindly would require piss off third party distributors such as Linux distros, require more work for the overworked VLC team. So that is not making sense. It is mostly historical that the first two version numbers are identical.

But that is irrelevant really. The thing is that, the version of the web plugin says nothing about the bugs in the underlying VLC. So no matter how you put it, this is a Firefox problem. The current check in Firefox can give both false positive (as they currently do) and false negative results. It is just plain broken.

And I don´t need to mention that (not all but still) most of the "security bugs" affecting VLC lie in third party libraries (such as libav/FFmpeg) that are covered neither by the VLC nor the web plugin version anyway.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

ingridm
New Cone
New Cone
Posts: 1
Joined: 12 Dec 2014 00:20

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby ingridm » 12 Dec 2014 00:30

I've encountered the same problem.

I use Windows 64 bits and used the EXE file to update VLC.

After a few tests, I discovered that the files npvlc.dll and npvlc.dll.manifest were updated in this folder: C:\Program Files\VideoLAN\VLC
But not in this folder: C:\Program Files (x86)\VideoLAN\VLC
So I updated the files in this folder and now the error message is gone. :)

If required, you can extract the new DLL directly from the VLC ZIP file.

BTW, thanks to the VLC team, I've been using this free tool for years and it's my favorite for playing videos on my PC. :)
I'm frequently using it to learn how to play music scores using slow motion, I love the way it handles external subtitles, codecs, etc.

duhman
New Cone
New Cone
Posts: 1
Joined: 14 Dec 2014 21:51

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby duhman » 15 Dec 2014 04:34

I am dealing with this firefox warning as well, but I cannot find the version 2.1.5 npvlc files in the decompressed installation files for VLC 2.1.5, as they are still version 2.1.3. Is it possible that the folks at VLC development somehow changed the file version for 7 - 64bit to version 2.15, when I see no windows OS specific downloads? I cannot understand how you could find them in the installation files, when I only see vers. 2.1.3 npvlc files.

I would sure like to see these version 2.15 files in my XP_SP3 system!

Any ideas, anyone? Are there somehow 2 versions for download, or did VLC somehow change back to version 2.1.3 for these files?

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby Rémi Denis-Courmont » 15 Dec 2014 10:35

Again, there is no VLC web plugin version 2.1.5. The latest version ever released as of today is 2.1.3. Firefox just got the version numbers wrong.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

evasive2014
New Cone
New Cone
Posts: 1
Joined: 15 Dec 2014 16:52

Re: Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

Postby evasive2014 » 15 Dec 2014 16:56

The npvlc.dll that is included in vlc-2.1.5-win64.exe reports its file version as 2.2.0
The npvlc.dll that is included in vlc-2.1.5-win64.exe reports its file version as 2.1.3

Sorry, but can you please correct your statement that the most recent 32bit version of the plugin is 2.1.3? Thank you.


Return to “VLC media player for Windows Troubleshooting”

Who is online

Users browsing this forum: Google [Bot] and 14 guests