Firefox 33.0.1 reports VLC 2.1.3 as "Vulnerable"

[Neilium]

Hi folks,
Sorry if this has already been addressed elsewhere, but I could not find anything in a search.

I have downloaded and installed the latest version of VLC (2.1.5) and have absolutely no problems with it.
The reason I'm posting here is because of a recurring problem with my browser.
I use Mozilla Firefox (current/latest version 33.0.1) and a plugin check reports VLC as being "vulnerable", showing the version to be "2.1.3".

I have repeatedly DL v2.1.5 and installed it several times, but the FF plugin check still reports v2.1.3.

Then I did a little checking of my own and found that the VLC Web Plugin (in Windows) shows that "NPVLC.DLL" is indeed still Product Version 2.1.3!
(I am going to try to attach a screenshot of this, if I can figure out how to do it.) <g>

Are there any plans to update this DLL?
Thanks in advance!

[Rémi Denis-Courmont]

Firefox is checking the wrong value, or rather it is expecting the wrong value.

[Neilium]

Hi, and thank you for replying!

Unfortunately, I have no idea what you mean by your answer.
Are you saying that version 2.1.3 is still supposed to be the current version and if so, what is the purpose of version 2.1.5 then???

If not, please explain?

Also, do you have any idea how to post an attachment here to my post? I'd like to show a small JPG screenshot.

Thanks in advance!

[Rémi Denis-Courmont]

There is no version "2.1.5" of the browser plugin. The last version of the browser plugin is "2.1.3".

[Neilium]

[sigh] Yes, I see that!
Why would the newest version (2.1.5) have an old v2.1.3 plugin?

[Rémi Denis-Courmont]

Because the plugin and the player have different release schedules? Because the plugin rarely needs updates?

[Neilium]

OK, never-mind... Thank you for your time.

[Pat_lan]

Hi.

I understood that the VLC plugin version is always 2.1.3, whilst Videolan current version is 2.1.5
But is the 2.1.3 version of the VLC plugin really vulnerable, as Firefox reports it ?
If yes, what are the risks ?

Best regards.

[Rémi Denis-Courmont]

I am not aware of any security issue recently fixed in the VLC browser plugin.

[spameur]

So update the plugin version... please.
Merci d'avance, on gagnera tous du temps...

[Ludrax]

Also, do you have any idea how to post an attachment here to my post? I'd like to show a small JPG screenshot.

viewtopic.php?f=14&t=113077

[marrazzo]

I am here for the same issue as Neilium.
Evidently I am not alone since there are a number of post inquiring about this matter, and a good number of views for each of these posts.

There really is no good reason to keep the plugin as a separate version number since the plugin operates with the VideoLAN application. It creates confusion and unnecessary concerns. You could point the finger at Mozilla for noticing that your version numbering system is aberrant, but I would ask that you unify the numbering systems between these VideoLAN product which operate interdependently and are delivered simultaneously from your servers.

[Rémi Denis-Courmont]

They are not interdependent. VLC does not depend on the plugin at all. And the plugin version does not have to match its "contemporary" VLC version. You can very well use plugin version 2.1.3 with VLC 2.1.0 or obviously VLC 2.1.5 with plugin 2.1.3.

Changing the plugin version number blindly would require piss off third party distributors such as Linux distros, require more work for the overworked VLC team. So that is not making sense. It is mostly historical that the first two version numbers are identical.

But that is irrelevant really. The thing is that, the version of the web plugin says nothing about the bugs in the underlying VLC. So no matter how you put it, this is a Firefox problem. The current check in Firefox can give both false positive (as they currently do) and false negative results. It is just plain broken.

And I don´t need to mention that (not all but still) most of the "security bugs" affecting VLC lie in third party libraries (such as libav/FFmpeg) that are covered neither by the VLC nor the web plugin version anyway.

[ingridm]

I've encountered the same problem.

I use Windows 64 bits and used the EXE file to update VLC.

After a few tests, I discovered that the files npvlc.dll and npvlc.dll.manifest were updated in this folder: C:\Program Files\VideoLAN\VLC
But not in this folder: C:\Program Files (x86)\VideoLAN\VLC
So I updated the files in this folder and now the error message is gone.

If required, you can extract the new DLL directly from the VLC ZIP file.

BTW, thanks to the VLC team, I've been using this free tool for years and it's my favorite for playing videos on my PC.
I'm frequently using it to learn how to play music scores using slow motion, I love the way it handles external subtitles, codecs, etc.

[duhman]

I am dealing with this firefox warning as well, but I cannot find the version 2.1.5 npvlc files in the decompressed installation files for VLC 2.1.5, as they are still version 2.1.3. Is it possible that the folks at VLC development somehow changed the file version for 7 - 64bit to version 2.15, when I see no windows OS specific downloads? I cannot understand how you could find them in the installation files, when I only see vers. 2.1.3 npvlc files.

I would sure like to see these version 2.15 files in my XP_SP3 system!

Any ideas, anyone? Are there somehow 2 versions for download, or did VLC somehow change back to version 2.1.3 for these files?

[Rémi Denis-Courmont]

Again, there is no VLC web plugin version 2.1.5. The latest version ever released as of today is 2.1.3. Firefox just got the version numbers wrong.

[evasive2014]

The npvlc.dll that is included in vlc-2.1.5-win64.exe reports its file version as 2.2.0
The npvlc.dll that is included in vlc-2.1.5-win64.exe reports its file version as 2.1.3

Sorry, but can you please correct your statement that the most recent 32bit version of the plugin is 2.1.3? Thank you.