Mozilla to Enforce 'Click-to-Play' Plugins in Future Versions of Firefox

rated by 0 users
This post has 7 Replies | 1 Follower

Top 10 Contributor
Posts 26,388
Points 1,192,360
Joined: Sep 2007
News Posted: Tue, Jan 29 2013 2:28 PM

In the earlier days of the Web, our browsers were simple. If one crashed, it was likely due more to poor programming than whatever content you were viewing. The opposite can be said today, where many websites have the potential to crash any number of plugins you've got equipped - especially true for the weightiest ones, such as Flash, Silverlight and Java. Browser instability caused by such plugins has become a major focus of Mozilla that the company has decided to take the risky move of making users click to activate one whenever one is needed in its Firefox browser.

Picture, for example, going to a website that has an embedded Java-based game. Currently, if your security settings are in check, it may play without issue. The same could be said for Flash. However, in future versions of Firefox, a box would simply fill the area where the content should be, and users will need to click on it to allow the browser to load the plugin and then the content.

Here's the caveat: this functionality does not affect the latest variant of Flash. The reason for this is likely obvious, as that is one plugin that's used by the vast majority of Internet users, and one that could impede half of the Internet if it were disabled by default. However, as great as an excuse as that may be, it's certainly not a decision that's going to please everyone. Why does Adobe get a free pass when Microsoft and Oracle don't?

These changes stand to increase browser security in a number of ways. For example, while the latest version of Flash will get the green-light, outdated versions will not. Instead, it'd become obvious quickly to the user that their Flash is out-of-date, at which point they'd (likely) go and update it. Where plugins are concerned, the latest version is almost always the "best", due to the multitude of bug-fixes that get passed along continually. Not sure if a plugin is out-of-date? Mozilla has a page to help you out.

It should be noted that while this behavior is default, and can't be turned entirely off (from what we can tell), you are in fact able to white-list websites that you trust - a very good thing.

What are your thoughts on this? Is Mozilla making the right move here, or should it have left things as they were?

  • | Post Points: 50
Top 10 Contributor
Posts 8,689
Points 104,350
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
realneil replied on Tue, Jan 29 2013 8:07 PM

Sounds like a lot of work white-listing sites.

I'll reserve judgement until I've tried it out.

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 50
Top 150 Contributor
Posts 626
Points 5,600
Joined: Sep 2012
Location: Canada
RWilliams replied on Tue, Jan 29 2013 9:09 PM

I was thinking the same thing.

  • | Post Points: 5
Top 150 Contributor
Posts 619
Points 5,260
Joined: Dec 2011

Whitelisting is the way of the future. I whitelist for ads, flash, literally everything.

  • | Post Points: 20
Top 500 Contributor
Posts 272
Points 2,170
Joined: Jan 2012
Location: Mississauga, Ontario
karanm replied on Tue, Jan 29 2013 11:47 PM

This is going to confuse some people who have little experience with plugins, I already know I'm gonna have to help my mom with this.

  • | Post Points: 5
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia

Whitelisting takes way to much energy for most people. I think you are in the minority Mayhem.

  • | Post Points: 5
Top 500 Contributor
Posts 274
Points 3,030
Joined: Sep 2009
Location: Port Orchard, WA

I will like keep adobe, Flashplayer, Sliverlifght on FireFox. it dont have any problem with them. Other is Java is very bad news... It still risky for most of us use the Java plg in. Firefox run fine with 2 plg in (flashplayer, Sivlerlight) without nedd Java plug in.

  • | Post Points: 5
Top 50 Contributor
Posts 2,917
Points 24,670
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Thu, Jan 31 2013 9:54 AM

White-listing can be tested by installing noscript in firefox now, or not script in Chrome, or using the Security Zones in Internet Explorer

  • | Post Points: 5
Page 1 of 1 (8 items) | RSS