Nearly all Firefox plugins to be blocked by default, including Silverlight

There's been a lot of concerns lately over the safety of browsing websites that support third party plugin software. That's been especially true of the Java software, which has been discovered to have a number of security holes.

This week, Mozilla announced a change in its previous plugin software setup for its Firefox web browser. In a post on its blog, Michael Coates, Mozilla's director of security assurance, stated:

Previously Firefox would automatically load any plugin requested by a website. Leveraging Click to Play Firefox will only load plugins when a user takes the action of clicking to make a particular plugin play or the user has previously configured Click To Play to always run plugins on the particular website.

Click To Play is a list of plugins that Firefox blocks from running on the browser. Under the new system, Firefox will soon block all plugins from automatically running, with the exception of the current version of Flash. Coates cited both performance and security issues as the reasons for this new system.

Once the final implementation of this new system is put in place, Firefox will automatically block the running of plugins such as Java, Acrobat Reader and Microsoft's Silverlight plugin, even if they are updated to current versions by their respective companies.

Source: Mozilla | Image via Mozilla

Report a problem with article
Previous Story

Google offers a reprive; Exchange ActiveSync support for Windows Phone to end July 31st

Next Story

New Windows 8/RT device Gmail access via Exchange ActiveSync ending today

45 Comments

View more comments

tsupersonic said,
Yep, the neowin summary didn't indicate this from a quick glance. Still how many Joe Schmo's would know how to do that? They'd probably just use Firefox w/ out of the box settings.

If their impl is anything like chrome's then it won't exactly be difficult.

Hollow.Droid said,
READ THE ARTICLE!! You can enable run once/run always for particular sites.

Lol, sensationalism injected in the title (they are not "blocking" the plugins, they just are not automatically loading plugin content w/o user interaction which is a GOOD THING). Couple the title with the fact that folks here just like to talk and not listen...

Good move. It would be nice if they would do this for Flash, even the current version, but too many sites use Flash in the background (for things like audio - rdio, I'm looking at you) which makes it difficult to... you know, click.

Now that Flash is dead on mobile, the only use for it is cross platform compatibility on Windows, OS X and (kind of) Linux, all on desktops. Plugins are going the way of the dodo, and apps are taking their place.

Apps are generally catered to the operating system they run on, though, even if only in a small way (like using the menu bar in OS X). They're also a more explicit agreement between you and the app maker: if you run an app, you probably trust it more than you do any old web site.

But, yeah, apps built on plugins are still apps. It's more of a colloquialism for "native application" these days.

Jason Stillion said,
One can argue app and plugin are the same thing.

No. Not really. A plugin extends the media support of a browser. For instance it extends support to run Java or Flash based code. An "app" (at least in this context) is generally considered a platform dependent client that utilizes data from the web.

About time they added some useful functionality based on what addons people most frequently use. More like this, because their own innovations scuk.

BlendedFrog said,
I take it this means that adblock won't run unless you enable it for each and every website?

No, it's an addon.

BlendedFrog said,
I am confused...what's the difference between an addon and a plugin according to mozilla?

well plugins have external dll, executables etc ... while add-ons rely on features already on browser (css, js, ...). Anyways firefox makes a clear distinction for plugins, there's a separate "tab".

Addon is most often a script that appends/makes changes to UI elements and how they behave.
Plugin is a compiled binary that can access to and do everything it wants.

Currently flash is the only plugin that I find useful, all the other are just unnecessary security breaches. It's rare that I ever see an interesting Java applet on the web.

Yeah, java based web applets are rare these days. I come across engineering "calculator" type java apps all the time (to make some calculation easier). There also seems to always be some Windows or Mac app that I'm running that requires the Java runtime to be installed. I just can't get away from it. Every time I uninstall I find myself reinstalling after a few weeks when I hit something that requires it.

Like others have said, they should attempt to make a sandbox for firefox. Other browsers have done it, why can't they? plugins of course are another story. I'll stick to palemoon thank you.

I refuse to install Firefox on Windows 8 because it *** really bad on Windows 8. Google Chrome works like a treat.

I don't understand. I used to love firefox. don't know why keep hurting themselves. Firefox mobile OS? really? comon mozilla open your eyes you are keep loosing your users.

S3P€hR said,
I don't understand. I used to love firefox. don't know why keep hurting themselves. Firefox mobile OS? really? comon mozilla open your eyes you are keep loosing your users.

I think you are the one that needs to open your eyes, with this move it's helping the users not hurting them. and stop worrying about the Firefox mobile OS.

Good news! Click to play is essential to web security for you as a user to be in control of those plugins. Opera already have this functionality and I hope more will follow.

For the problems is also that all browsers just pick up what ever browser plugins it finds on you computer even if you did not tell it to or you are aware of it because of newly installed application for instance.

So instead of the user constantly enabling/disabling plugins when in need and always keep an eye on to avoid new plugins you can make sure the page you are visiting will not use plugins until you allow it.

This will also create an awareness about the problems with plugins and hopefully a faster to transition to HTML5 if possible.

Commenting is disabled on this article.