Day-to-day web browsing in Firefox is about to get a little different. According to a blog post by Michael Coates, Mozilla's Director of Security Assurance, Firefox will soon require users to click to play content from all third-party plug-ins—except for the latest version of Flash.
In other words, Silverlight videos or Java applets will no longer appear automatically. The way Firefox's Click to Play feature works right now, users are presented with a grayed-out box and a "click here to activate" link, like so:
Folks running Firefox should start seeing a lot of those boxes soon—but hopefully not too many. Coates says it'll be possible to set certain sites to "never run plugins or . . . always run plugins." Off the top of my head, I can think of one site you'd want to add to the white list right away: Netflix, which (somewhat bizarrely) uses Silverlight to stream video content.
The thinking behind Mozilla's decision is pretty easy to understand. As Coates points out, auto-running plug-ins can jeopardize performance and stability. Also, security holes in outdated or vulnerable plug-ins are a "common exploitation vector." There may be no stopping users from clicking the "activate" button and infecting themselves, but at least this way, it won't happen automatically.
|1. Hdfisise - $600||2. Ryszard - $503||3. punkUser - $502|
|4. the - $306||5. SomeOtherGeek - $300||6. Ryu Connor - $250|
|7. doubtful500 - $200||8. Anonymous Gerbil - $150||9. webkido13 - $135|
|10. cygnus1 - $126|
|Report: Comcast will abandon Time Warner acquisition||52|
|Friday Night Shortbread||9|
|Acer's Switch 10 is a svelte, Atom-powered convertible||10|
|Hardware makers want to standardize the stylus||34|
|Deal of the week: The M500 960GB for $290, Battlefield Hardline for $36, and lots more||12|
|Thermaltake's Pacific radiators come in all the sizes||8|
|Modders can now charge for their work on Steam Workshop||202|
|Samsung's new 840 EVO fix starts trickling out||22|
|Arkham Knight requires at least 2GB of graphics memory||111|