Firefox has Click-to-Play cure for plugin plague

Jan 30, 2013 by Nancy Owano report
Firefox

(Phys.org)—Mozilla this week took an important step to strengthening and in some cases restoring confidence in Firefox as a class-act browser. The community issued an announcement by Mozilla's Michael Coates, director of security assurance, about Mozilla's latest move to avert plugin plagues. "Mozilla has decided that it's time to take things to the next level by disabling as many automatic plug-in activations as possible," he said, in a January 29 post.

From now on, Firefox users need to manually enable plugins on each Web page. In the manner of Click-to-Play, Firefox will only load plugins when a user takes the action of clicking to make a particular plugin play.

The feature "Click-to-Play" will allow users to be in the driver's seat to choose what they want to run and what they want to avoid. On the other side of the extreme of users who never want to run plug-ins are those who may always want to allow plug-ins to run software or handle different formats; they may see plugins less of a risk and more of ease of use for powering their videos, animation and games of choice. Mozilla said over and above, it's the user's choice, and Click-to-Play can be configured to over-ride Mozilla's defaults.

Nonetheless, Mozilla is changing the way Firefox loads third-party plugins because of those instances where third-party plugins present security headaches and offset Mozilla's attempts to provide the most secure browsing environment possible.

Plugins don't always update automatically, which is the problem. Before the move, Firefox was automatically landing plug-ins requested by a website. As Coates pointed out, "One of the most common exploitation vectors against users is drive by exploitation of vulnerable plugins." He added that users with outdated or vulnerable plugins are open to malware if they browse to a site equipped with a plugin exploit kit.

Third party plugins presenting risks of pauses and in Firefox have now been addressed by the latest moves. "By only activating plugins that the user desires to load, we're helping eliminate pauses, crashes and other consequences of unwanted plugins."

In addition to playing it safe with Click—to-Play, Mozilla has recommended that users try to make sure that their plugins are up to date. Although Mozilla is giving Flash from Adobe Systems the go-ahead by default, the user must be running the latest version, which is the only version of Flash that is allowed to run by default. If the user's version is not up to date, then will relegate it to Click-to-Play. offers users a website to see if their plugins are current.

Explore further: IBM unveils cognitive exploration to drive better business outcomes

More information: www.mozilla.org/plugincheck/
blog.mozilla.org/security/2013… -control-of-plugins/

Related Stories

WebRTC puts video chats all in the browser

Apr 10, 2012

(Phys.org) -- “It’s all in the browser. No plugins. And you don’t just need only Chrome either, Good stuff.” Those are the comments you can hear when in WebRTC circles. For those who have ...

Firefox 4 has simpler design, more privacy control

May 11, 2010

(AP) -- The next version of the Firefox browser, set for release by the end of the year, will pare down the software's menus and certain user options while giving Web surfers more control over privacy.

Firefox passes one billion downloads

Jul 31, 2009

Mozilla announced Friday that it had passed one billion downloads of Firefox, its Web browser that has gained popularity as a free alternative to Microsoft's ubiquitous Internet Explorer.

Mozilla unleashes sleek new Firefox Web browser

Mar 22, 2011

A fast, sleek new version of Firefox was released on Wednesday to vie Microsoft's Internet Explorer 9 (IE9) and Google Chrome in the fiercely competitive market for Web browsing software.

Mozilla resists request to remove Firefox tool

May 06, 2011

Mozilla, the non-profit developer of the Firefox Web browser, is holding off on complying with a government request to remove a software tool meant to circumvent federal efforts at curbing Internet piracy.

Recommended for you

Smarter, quicker-thinking referees? There's an app for that

Oct 27, 2014

KU Leuven and UEFA, European football's governing body, have embarked on a four-year project to expand and fine-tune a web-based skills training platform for referees. Early results show that the application can improve assistant ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Newbeak
not rated yet Jan 30, 2013
I always run FF sandboxed,and have never had any plug-in security issues.
Eikka
not rated yet Jan 31, 2013
I always run FF sandboxed,and have never had any plug-in security issues.


I don't, and I've never had any plug-in security issues.

Probably because I don't stuff my browser full of unnecessary plugins, toolbars, and other data miners. Seriously, there should be a law against companies like Google pushing their toolbars and web browsers on you with every piece of software they own or sponsor. It's like a minefield - the box is already checked for you, "Yes, I want to install spyware on my machine."
Aloken
not rated yet Jan 31, 2013
I for one welcome this change. It'll be more like firefox for android where flash ads and videos require you to click in order to play them.
antialias_physorg
1 / 5 (1) Jan 31, 2013
Mozilla said over and above, it's the user's choice, and Click-to-Play can be configured to over-ride Mozilla's defaults.

Good. At first I was thinking: "Oh my god - will I have to activate ad-block on every page separately?". But Click-To-Play makes sense for those plugins you use only once every blue moon.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.