
Mozilla grants more user control over browser plugins


To prevent crashes and keep unauthorized software from running in its Firefox browser, Mozilla will give users more control over which plugins run.
 
In a blog post, Mozilla said it is changing the way Firefox loads third-party plugins such as Flash, Java and Silverlight.
 
"This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins to our users," said Michael Coates, director of security assurance.
 
"Our plan is to enable Click to Play for all versions of all plugins except the current version of Flash. Click to Play has already been enabled for many plugins that pose significant security or stability risks to our users. This includes vulnerable and outdated versions of Silverlight, Adobe Reader, and Java," he added.
 
Previously, Firefox would automatically load any plugin requested by a website.
 
Mozilla recently introduced "Click to Play," a feature that loads a plugin only when the user clicks to make that particular plugin play.
 
With this feature, users can choose if they wish to run a plugin on a particular site.
 
Users can also configure sites to never run plugins or conversely always run plugins. "This change puts the user in control," Coates said.
 
"By only activating plugins that the user desires to load, we’re helping eliminate pauses, crashes and other consequences of unwanted plugins," he added.
 
Vulnerable plugins
 
He noted that one of the most common exploitation vectors against users is drive-by exploitation of vulnerable plugins.
 
In this kind of attack, a user with outdated or vulnerable plugins installed in their browser can be infected simply by browsing to a site that hosts a plugin exploit kit.
 
"We’ve observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware. In these situations the website doesn’t have any legitimate use of the plugin other than exploiting the user’s vulnerable plugin to install malware on their machine. The Click to Play feature protects users in these scenarios since plugins are not automatically loaded simply by visiting a website," Coates said.
 
Coates also strongly recommended that users keep their plugins up to date.
 
He said the website (mozilla.org/plugincheck/) can be used to determine if plugins are current.
 
Specific steps
 
Coates said Mozilla's next steps are the following:
 
1. Click to Play old versions of Flash (versions <=10.2.*) and slowly add more recent insecure Flash versions to the Click to Play list. The most current version of Flash will NOT have Click To Play.
 
2. Click to Play current versions of Silverlight, Java, and Acrobat Reader and all versions of all other Plugins.
 
"During this change we will monitor the results and feedback of the new settings and UI to ensure we’re providing a quality experience and delivering the many benefits of Click to Play to Firefox users," Coates said. — TJD, GMA News