Modernizing Authentication — What It Takes to Transform Secure Access
Mozilla is considering the addition of new functionality to the Firefox browser that will request user approval before running any content that requires a plug-in.
"When plugins.click_to_play is enabled, plugins will require an extra click to activate and start 'playing' content," Mozilla software engineer Jared Wein wrote in a recent blog post. "This is an incremental step towards securing our users, reducing memory usage, and opening up the web."
"This functionality prevents videos (including advertisements) on web sites from autoplaying, which is an annoyance to many users," The H Security reports. "It also conserves system resources as content presented through plugins often makes up a big part of the resources consumed by the browser. Another benefit of the click-to-play approach is that plugins only get loaded when the user actually clicks on the content in question. This limits the opportunities for 'drive-by' malware attacks by malicious content that targets plugin vulnerabilities in Flash and Java."
Still, ExtremeTech's Sebastian Anthony says this is likely to be a killing blow for browser add-ons. "With the recent shift towards HTML5, which has many multimedia features built in, Flash and Java are becoming more deprecated by the day," he writes.