Now you get to choose if a plugin will play on a specific website.
The Mozilla Security Blog reports that the company is changing the way Firefox loads third-party plugins through an updated feature called Click to Play. Thanks to this change, Firefox will only load a plugin if the user clicks on it to make it play, or if the user already configured Click to Play to activate a plugin on a particular website. This not only increases the browser's performance and stability, but makes it more secure.
"Poorly designed third party plugins are the number one cause of crashes in Firefox and can severely degrade a user’s experience on the Web," said Michael Coates, Director of Security Assurance. "This is often seen in pauses while plugins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes of Firefox. By only activating plugins that the user desires to load, we’re helping eliminate pauses, crashes and other consequences of unwanted plugins."
Click to Play has actually been a part of Firefox since version 17 launched in November, but Mozilla has essentially made the feature even more restrictive on plugins. Click to Play prevents plugins from automatically playing, but users can override the block by clicking on the grayed-out content area on the web page. This should help reduce the number of malware infections due to drive-by exploitations of unsecured, outdated plugins.
"We’ve observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware," he said. "In these situations the website doesn’t have any legitimate use of the plugin other than exploiting the user’s vulnerable plugin to install malware on their machine. The Click to Play feature protects users in these scenarios since plugins are not automatically loaded simply by visiting a website."
The plan is to block all plugins using Click to Play except for the very latest version of Flash (which on a personal note can be the biggest cause of Firefox crashes). The latest version of Flash is 11.5x for Windows 7 and older, OS X Snow Leopard, Lion and Mountain Lion (Windows 8 is using 11.3x). Firefox is now blocking versions 10.2x and older.
Once the final UI work is completed on Click to Play, current versions of Silverlight, Java, and Acrobat Reader and all versions of all other plugins will be blocked by default. During the change, Mozilla will monitor feedback regarding the new settings and UI to ensure a quality Firefox experience.
To determine if your plugins for Firefox are current, head here.
If you've done everything you can, then it's up to the website admin to maintain the website. For example, MS can do its best to secure its OSes, but it's up to the users to not act like idiots.
Tell that to Google.
This is something Mozilla should have done a long time ago, and I welcome this change. If users don't "get it", or think this is too much of a nuisance, then go back to IE or Safari and enjoy getting owned with the rest of those users.
Grey space and a button that says "Play." If those people don't know what to do, then those people shouldn't be using the internet.
I think it would gain market share instead. Not only is it more secure, it's going to be faster because it doesn't load the plugins.
I find it a convenience. Most casual users use Chrome.
Actually, you're correct. This feature fails the "grandma test". A lot of the techies in here will not recognize that (hence the - votes you receive). Most users are more concerned with usability than security. Moreover, even after getting their computers hacked, I have still seen them remain this way.
The casual user will not see this as a feature. They will see it as a roadblock of just one more thing that doesn't work as they expect it (per their experience) to. Too many things to left click on... Or octuple right click on... etc.
And thanks to that the days of the annoying ads which play loud sounds are over, and the CPU utilization is pretty much lower, as well as memory consumption. At least, using Linux, I found this very helpful. And on my laptop with an old dual core, the CPU responsiveness improved a lot and it also works cooler than before, when ads put a burden bigger than 50% on the CPU.