Perfidies / Plugindir is the client to Mozilla's plugin vulnerability database. I think a variant of this is used here on this site geared for end users.
I would like to redirect any browser that is using an old version of Java, Silverlight, Flash, etc to a "quarantine" page asking them to upgrade their browser before they are permitted to log in.
What technical changes do I need to make to accomplish this?
What Perfidies specific javascript objects must I become aware of?
Are there any deployment concerns or modifications I should make?
... ...
You should provide some more context to your question. I will try to help you though suggesting a way to do this.
You mentioned you want to disallow users to login, so I think the best way to do this is putting the validation code in the login page as a javascript include. Keep in mind since the script is executed on the client, there is no guarantee that it will really execute and an expert user can circumvent your "protection" by e.g. disabling scripting. But if you are in an intranet and generally trust your users, it shouldn't be a big problem.
To learn how to use Perfidies, I recommend you looking at the following file which you should be able to change to your needs (not tested!). https://github.com/ozten/Perfidies-of-the-Web/blob/master/plugincheck_ui.js
The main function to call seems to be Pfs.findPluginInfos(Pfs.UI.navInfo, browserPlugins, incrementalCallbackFn, finishedCallbackFn)
. In the incrementalCallbackFn
you get all vulnerable plugins. If there exists one, you can redirect the browser to your page.
See the referenced page to see how to fill the other function-parameters.
Regarding deployment I would allow some way to skip this verification, because there are always cases in which you want to allow exceptional access. If your boss needs a report in 5 minutes you don't want to tell him that he has to update his java version first, just because there was an update yesterday which probably isn't even exploited yet.
So maybe show a big red warning for users trying to access the page, but give them a way to ignore the warning if they choose to...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With