facebook rss twitter

Firefox 26 blocks plugin content loading by default, except Flash

by Mark Tyson on 10 December 2013, 15:11

Tags: Firefox

Quick Link: HEXUS.net/qab57j

Add to My Vault: x

The Firefox 26 update will be rolling out today and if you don’t want to wait for the update notice to pop-up you can go and download it right now from here. The latest release adds a number of features, probably the most notable of which is to improve browser security; from now on all plug-ins, except Flash, will require that user permission is granted before loading their content. Mozilla calls this feature ‘click to play’.

The ‘click to play’ feature was first trialled in Firefox Aurora back in September and obviously Mozilla has decided the feature is working well enough and will be popular enough for prime-time. As explained back then “When a site tries to use a plugin, the user will be able to choose whether to enable the plugin on that site.” A user will have a choice of ‘Allow now’ or ‘Allow and remember’ when prompted about the plugin run request. Mozilla reminds us that plugins are a source of a lot of crashes and security incidents so this plugin-screening behaviour can help users enjoy a speed-bump free browsing experience.

Mozilla chose to allow Flash to work without prompting due to its ubiquity and potential to confuse if disabled by default. Usefully, if Firefox sees you are using an older ‘known to be insecure’ Flash version you will be prompted to update.

Other updates and improvements present in Firefox 26 include:

  • Firefox updates will be able to be installed by users without write permissions to Firefox install directory.
  • Passwords can now be remembered for script-generated password fields.
  • H.264 video is supported on Linux systems with GStreamer plugins.

Also the update has brought along a crop of fixes for various security issues and page rendering issues with image orientation and text rendering. You might also notice rendering speeds improve as images that aren’t visible are now not decoded. Last but not least MemShrink has also been refined in Firefox 26, which helps reduce memory usage with image-heavy pages.



HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
I've not looked closely, but on the surface, blooming good move.
I'll wait on full judgement but working with the internet just seems to be getting harder and harder…

first we get the ‘eu cookie rubbish’ which we had to click on,
google analytics is pretty much pointless now due to them ‘hiding keywords’ except for the paid adverts…
now we've got extra clicks in firefox…except in flash which is the worst culprit in my experience lol

At this rate we'll have to click yes to view a webpage..
The only problem is that the biggest source of browser plugin related crashes IMHO is Flash. The one enabled by default. At least in recent times it's usually Flash that crashes without pulling the browser down with it too.

I can understand why this is a good security move in general but there's a reason why there are so many Flash blockers produced.
So it's just noscript, but it doesn't block the things that everyone uses noscript for?
Did Java require confirmation before? If not, then it's worth it just for that, given the number of Java issues and viruses cropping up constantly.