Mozilla Enhances Plug-in Control in Firefox

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Mozilla is considering the addition of new functionality to the Firefox browser that will request user approval before running any content that requires a plug-in.

"When plugins.click_to_play is enabled, plugins will require an extra click to activate and start 'playing' content," Mozilla software engineer Jared Wein wrote in a recent blog post. "This is an incremental step towards securing our users, reducing memory usage, and opening up the web."

"This functionality prevents videos (including advertisements) on web sites from autoplaying, which is an annoyance to many users," The H Security reports. "It also conserves system resources as content presented through plugins often makes up a big part of the resources consumed by the browser. Another benefit of the click-to-play approach is that plugins only get loaded when the user actually clicks on the content in question. This limits the opportunities for 'drive-by' malware attacks by malicious content that targets plugin vulnerabilities in Flash and Java."

"Currently there are Firefox add-ons that do something similar, such as the NoScript extension that blocks JavaScript, Java, Flash, Silverlight and other content by default and Flashblock, which requires a user click on a static image before the plugin can load," notes Threatpost's Anne Saita. "But as of yet, no Web browser does it by default."

Still, ExtremeTech's Sebastian Anthony says this is likely to be a killing blow for browser add-ons. "With the recent shift towards HTML5, which has many multimedia features built in, Flash and Java are becoming more deprecated by the day," he writes.