Mozilla to Enforce 'Click-to-Play' Plugins in Future Versions of Firefox
In the earlier days of the Web, our browsers were simple. If one crashed, it was likely due more to poor programming than whatever content you were viewing. The opposite can be said today, where many websites have the potential to crash any number of plugins you've got equipped - especially true for the weightiest ones, such as Flash, Silverlight and Java. Browser instability caused by such plugins has become a major focus of Mozilla that the company has decided to take the risky move of making users click to activate one whenever one is needed in its Firefox browser.
Picture, for example, going to a website that has an embedded Java-based game. Currently, if your security settings are in check, it may play without issue. The same could be said for Flash. However, in future versions of Firefox, a box would simply fill the area where the content should be, and users will need to click on it to allow the browser to load the plugin and then the content.
Here's the caveat: this functionality does not affect the latest variant of Flash. The reason for this is likely obvious, as that is one plugin that's used by the vast majority of Internet users, and one that could impede half of the Internet if it were disabled by default. However, as great as an excuse as that may be, it's certainly not a decision that's going to please everyone. Why does Adobe get a free pass when Microsoft and Oracle don't?
These changes stand to increase browser security in a number of ways. For example, while the latest version of Flash will get the green-light, outdated versions will not. Instead, it'd become obvious quickly to the user that their Flash is out-of-date, at which point they'd (likely) go and update it. Where plugins are concerned, the latest version is almost always the "best", due to the multitude of bug-fixes that get passed along continually. Not sure if a plugin is out-of-date? Mozilla has a page to help you out.
It should be noted that while this behavior is default, and can't be turned entirely off (from what we can tell), you are in fact able to white-list websites that you trust - a very good thing.
What are your thoughts on this? Is Mozilla making the right move here, or should it have left things as they were?