- V3 Apps
Mozilla has announced that Firefox will automatically block the use of Silverlight, Java and outdated Flash plugins in its browser.
Users will now have to manually give the browser permission to use a variety of plugins. The tool uses Firefox's established click-to-play system. Mozilla claimed the feature will give Firefox increased security and performance benefits.
"Mozilla is changing the way Firefox loads third party plugins such as Flash, Java and Silverlight," wrote Mozilla director of security assurance Michael Coates in a blog post.
"This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins to our users."
Using the click-to-play feature Mozilla will block all plugins except the most recent version of Flash. Users will have the option to enable every, or no, plugins during installation.
Those who opt into click-to-play will have opportunity to define which plugins can be used on an individual basis. Firefox users will also be able to decide which plugins get used based on the site they are browsing.
A key component to the switch is to increase security, according to Coates, who said the use of outdated plugins can have reduce consumers' security.
Coates said that during internal Mozilla testing it was discovered that old plugins could allow malware attacks via legitimate websites.
"We've observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware," continued Coates.
"In these situations the website doesn't have any legitimate use of the plugin other than exploiting the user's vulnerable plugin to install malware on their machine."
Mozilla also highlighted the performance boost that can come from opt-in plugins. The company says that by removing poorly designed plugins from Firefox users will see an increase in browser speed and stability.
The decision to turn Java into a click-to-play plugin comes follow repeated issues with the platform. Security experts have continued to call for the plugin to be turned off following recent discoveries of vulnerabilities in the platform.