Firefox adds click-to-play to prevent security hazards

If you're reading this article, you are likely more security conscious and tech-aware than the majority of computer users. Most people just want to be able to have a computer for basic tasks and everyday living, but never consider the security hazards they leave themselves open to. If anyone was to send some of the less aware computer users a link to a malicious Java or Flash file they almost definitely would fall for it, hook, line, and sinker. Mozilla wants to change that, as shown below.


Don't be fooled, it's an image ;) This new feature will roll out with Firefox 14.

As Sophos observes, the company is adding "click-to-play" functionality to Firefox 14. At present, the version of Firefox released on the normal stream is 12, though Mozilla's aggressive releases mean that the feature will trickle down quickly. Click-to-play functionality is not exclusive to Firefox, with the Opera web browser also including the functionality. The change also means that Firefox will consume less memory when in use, going some distance to relieve the browser of its memory consumption issues, for which it is notorious.

Users who have used NoScript or Flashblock will know what Mozilla are adding: the black box signifying a plugin, which can then be clicked to enable it. Questions have already been raised by different tech bloggers and authors about whether this is truly going to add any meaningful security to Firefox or not, though at the moment it is only in the prerelease streams, such as Nightly and Aurora. Therefore, the Firefox users with more knowledge of their browser will be the ones experiencing the change earlier, and will be best able to suggest whether or not this is going to make a major contribution to Internet security or not. Mozilla are known for their focus on Internet security and an open web, so it probably will be possible to disable it via the "about:config" menu.

Report a problem with article
Previous Story

Has Microsoft forgotten what Metro's all about?

Next Story

Do you know who you write like?

58 Comments

Commenting is disabled on this article.

This won't do much to improve security. It's just going to be annoying for home and business users. All that needs to be done is to keep these plugins updated and there won't be much of a security risk.

The normal computer user will just activate it no? User is sent a link in an email and clicks it, user is then asked to click to activate plugin... surely they will just activate it?

I find it funny that a few people here are so annoyed by having to exert the effort of one more click to see a Youtube video or whatever. I've been using FlashBlock for years now, and whenever I forget to install it, I quickly get reminded why I use it by one of the most irritating recent trends in online advertising - flash video ads that automatically play D: I mean honestly, if I go to a website, I don't want to suddenly have an ad for washing up liquid or shampoo or car insurance playing ***AT FULL BLAST WITH OVER-ENTHUSIASTIC VOICE ACTORS PLEASE BUY OUR STUFF OR THEY'LL BEAT US AGAIN*** through my computer's main speakers, which happen to be my TV's rather loud main speakers. If this is because of patent issues then all I can say is that for once, the ridiculousness that is "software patents" has actually ended up improving software

Marianne Ibbotson said,
I find it funny that a few people here are so annoyed by having to exert the effort of one more click to see a Youtube video or whatever. I've been using FlashBlock for years now, and whenever I forget to install it, I quickly get reminded why I use it by one of the most irritating recent trends in online advertising - flash video ads that automatically play D: I mean honestly, if I go to a website, I don't want to suddenly have an ad for washing up liquid or shampoo or car insurance playing ***AT FULL BLAST WITH OVER-ENTHUSIASTIC VOICE ACTORS PLEASE BUY OUR STUFF OR THEY'LL BEAT US AGAIN*** through my computer's main speakers, which happen to be my TV's rather loud main speakers. If this is because of patent issues then all I can say is that for once, the ridiculousness that is "software patents" has actually ended up improving software

Simply put, right on!!

naap51stang said,
I find the plugin flashblock has worked well for years.
How does it fair against HTML video?

Maybe they meant tap-dance so we should hit our monitors with metal heels.

naap51stang said,
I find the plugin flashblock has worked well for years.
How does it fair against HTML video?

Maybe they meant tap-dance so we should hit our monitors with metal heels.

Does anyone not realize that if there is malicious code or a virus there, that as soon as you click on "Tap here to activate plugin", you are going to be infected anyway!

kellykufeldt said,
Does anyone not realize that if there is malicious code or a virus there, that as soon as you click on "Tap here to activate plugin", you are going to be infected anyway!
I was just about to say that but here at neowin they always try to put down firefox and apple software It's ashamed I will have to stop using firefox. The annoying "Click to play" is the main reason I don't use Opera today. It looks like Firefox just wants to shoot itself in the foot and surprisingly people are cheering them on.

Totalaero said,
I was just about to say that but here at neowin they always try to put down firefox and apple software It's ashamed I will have to stop using firefox. The annoying "Click to play" is the main reason I don't use Opera today. It looks like Firefox just wants to shoot itself in the foot and surprisingly people are cheering them on.

You do know you can disable right? The mobile version even has a really easy to find option for doing so, something I'm sure the desktop one will as well.

I find this kind of thing really useful for preventing flash ads from automatically playing bandwidth wasting videos.

Totalaero said,
I was just about to say that but here at neowin they always try to put down firefox and apple software It's ashamed I will have to stop using firefox. The annoying "Click to play" is the main reason I don't use Opera today. It looks like Firefox just wants to shoot itself in the foot and surprisingly people are cheering them on.

You don't know what you're talking about. This Fx's "Click-to-Play" is totally different from Opera's default "Click-to-Activate". It's optional and won't be enabled by default. Opera has also Click-to-Play now, which means -IF YOU ENABLE IT - you gonna need 2 clicks... The Click-to-Activate it's an old patent which only Opera hasn't pay the author for license... All other have licensed the "Click-to-ACTIVATE"... Don't confuse these 2...

Edited by PC EliTiST, May 6 2012, 3:12pm :

IE was first in 2006, to skirt around Eolas patents, but then they backtracked this functionality, which is a shame because it is a good security feature and reduces load when you have opened multiple pages at once or do not wish to run the plugin (eg if it is for a Flash based Ad).

Great idea. However, with this and a lot of new "goodies," Mozilla seems to be distancing themselves more and more from the non-power user. [For example, ever try to get a separate Stop and Reload button to remain on the address bar? I have not, even with Mozilla's technical support. Supposedly, these discrete buttons morphed into some kind of dynamic button with version 4. It may be clunky having two buttons, but why prevent non-power users from having them?]

TsarNikky said,
Great idea. However, with this and a lot of new "goodies," Mozilla seems to be distancing themselves more and more from the non-power user. [For example, ever try to get a separate Stop and Reload button to remain on the address bar? I have not, even with Mozilla's technical support. Supposedly, these discrete buttons morphed into some kind of dynamic button with version 4. It may be clunky having two buttons, but why prevent non-power users from having them?]

Yes, just move the stop button before the reload button.

n_K said,
Good idea but annoying as more adverts will switch to images from flash bah

Why would that be more annoying, most of those advertisements use flash to be MORE annoying themselves (expanding the page to show their stuff, showing full page with a very tiny close 'x' that opens a popup before it closes, playing stupid sounds, etc.) when they could just as easily be shown in an animated gif...

I think they should change the icon in the middle to a picture of Scarlett Johansson. I'd tap that to play.

Edited by warwagon, May 5 2012, 10:21pm :

warwagon said,
I think they should change the icon in the middle to a picture of Scarlett Johansson. I'd tap that to play.

Bwahahaha!! XDDDD

Whow... wait... warwagon posted this?

GS:mac

tbh, when I saw that picture I was a little hopeful that they were coming up with some new security feature to help users realize that all those "click here to download plugin" ads on websites that mimic the Firefox feature aren't really from firefox :\

hotdog963al said,
Been using this in Chrome for ages! Glad FF is getting it finally.

Chrome has never had this! When I want to watch a video, I hit the play button. I don't have to go through a mine field like this. Are you sure you on't have an add on doing this for you?

butilikethecookie said,

Are you sure you on't have an add on doing this for you?

Pretty sure you're right, plug-in.

butilikethecookie said,

Chrome has never had this! When I want to watch a video, I hit the play button. I don't have to go through a mine field like this. Are you sure you on't have an add on doing this for you?

Uhh, yes it does.

Settings > Advanced Settings > Plugins > Click to play.

Your post = ignorant fail.

butilikethecookie said,

Chrome has never had this! When I want to watch a video, I hit the play button. I don't have to go through a mine field like this. Are you sure you on't have an add on doing this for you?

Open chrome , paste : chrome://chrome/settings/content#click%20to%20play

excuse me , i couldn't understand after the exclamation mark.
Its a feature Opera came up with first , then chrome and now Firefox

hotdog963al said,
Been using this in Chrome for ages! Glad FF is getting it finally.

Crashing whenever you try to run Flash content is a bit different. LOL

mantequillas said,

Uhh, yes it does.

Settings > Advanced Settings > Plugins > Click to play.

Your post = ignorant fail.

I am using Chrome on Mac and can not seem to find this anywhere :-(

bogas04 said,

Open chrome , paste : chrome://chrome/settings/content#click%20to%20play

excuse me , i couldn't understand after the exclamation mark.
Its a feature Opera came up with first , then chrome and now Firefox


I am using Chrome on Mac and can not seem to find this anywhere :-(

TsMkLg068426 said,

I am using Chrome on Mac and can not seem to find this anywhere :-(

chrome://chrome/settings/content < There. At least in version 20. Don't know how far back it goes.

Kushan said,

Can't wait until Mozilla puts in a button to add extra melodrama to posts.


LOL. The sad thing is I don't think people need any help with that...

Kushan said,

Can't wait until Mozilla puts in a button to add extra melodrama to posts.

The best part is this fool (and the person that liked his post) doesn't realize that this is also built into Chrome, what a nugget...

It's a brilliant feature and I'm glad more browsers are adopting it.

TrOjAn. said,
Same as Opera has been doing for a long time.

If you haven't noticed yet, FF keeps "borrowing" Opera's ideas for a long time now.

alwaysonacoffebreak said,

If you haven't noticed yet, FF keeps "borrowing" Opera's ideas for a long time now.

All ideas are borrowed, get over it. There's nothing truly 100% genuine.

andrewbares said,
All ideas are borrowed, get over it. There's nothing truly 100% genuine.

Exactly. Good ideas will become the standard.

TrOjAn. said,
Same as Opera has been doing for a long time.

Thanks to Opera for that These features help devs make a better browser and ultimately good experience for users

TrOjAn. said,
Same as Opera has been doing for a long time.

Not really, there is a difference here - Mozzilla seems to be stopping the plugin loading entirely until you click on it - whereas Opera loads the plugin and let's it do it's thing, but doesn't allow you to interact with it at all before clicking on it first.

And it wasn't done as a feature for Opera, it was done because they couldn't afford to pay for the (stupid) patent on the plugin's that are automatically interactable with. Because someone actually patented that.

Edited by ~Johnny, May 5 2012, 11:46pm :

~Johnny said,

And it wasn't done as a feature for Opera, it was done because they couldn't afford to pay for the (stupid) patent on the plugin's that are automatically interactable with. Because someone actually patented that.

To go along with the quote above, that's a good point as I also don't get the conversation Opera vs FF on this. This may be different slightly, but IE did this on IE 7.0 for awhile and preceded Opera and FF. This was done by MS because of the same patent issue and as I recall almost everyone that had an opinion, hated this functionality. Once the patent issue was resolved, MS removed this immediately because of the backlash. So now people like this "feature"?

Opera did this when Microsoft lost the Eolas patent case and had to implement click to play. They themselves weren't getting sued, but as you say, they couldn't afford the fees should Eolas have filed against them as well.

bogas04 said,

Thanks to Opera for that These features help devs make a better browser and ultimately good experience for users


Actually Microsoft was the first one to do this because they were forced by Eolas patent case.

BajiRav said,

Actually Microsoft was the first one to do this because they were forced by Eolas patent case.

Thanks to IETeam for that These features help devs make a better browser and ultimately good experience for users

bogas04 said,

Thanks to IETeam for that These features help devs make a better browser and ultimately good experience for users


oho.. I c wut u did...

TrOjAn. said,
Same as Opera has been doing for a long time.

If you say so, what can one think for Out of Proccess Plugins or Hardware Acceleration? Fx has had them long time, Opera currently builds 'em...

McKay said,
Tap here? Not Click? Touch Browser?

A Freudian slip that does not bode well for Mozilla. Are they falling into the same trap that Microsoft is finding itself with by abandoning laptop/desktop users who use keyboards and mice?