All the latest UK technology news, reviews and analysis


Firefox blockade ensnares Silverlight, Flash and Java plugins

30 Jan 2013
Firefox logo on black background

Mozilla has announced that Firefox will automatically block the use of Silverlight, Java and outdated Flash plugins in its browser.

Users will now have to manually give the browser permission to use a variety of plugins. The tool uses Firefox's established click-to-play system. Mozilla claimed the feature will give Firefox increased security and performance benefits.

"Mozilla is changing the way Firefox loads third party plugins such as Flash, Java and Silverlight," wrote Mozilla director of security assurance Michael Coates in a blog post.

"This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins to our users."

Using the click-to-play feature Mozilla will block all plugins except the most recent version of Flash. Users will have the option to enable every, or no, plugins during installation.

Those who opt into click-to-play will have opportunity to define which plugins can be used on an individual basis. Firefox users will also be able to decide which plugins get used based on the site they are browsing.

A key component to the switch is to increase security, according to Coates, who said the use of outdated plugins can have reduce consumers' security.

Coates said that during internal Mozilla testing it was discovered that old plugins could allow malware attacks via legitimate websites.

"We've observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware," continued Coates.

"In these situations the website doesn't have any legitimate use of the plugin other than exploiting the user's vulnerable plugin to install malware on their machine."

Mozilla also highlighted the performance boost that can come from opt-in plugins. The company says that by removing poorly designed plugins from Firefox users will see an increase in browser speed and stability.

The decision to turn Java into a click-to-play plugin comes follow repeated issues with the platform. Security experts have continued to call for the plugin to be turned off following recent discoveries of vulnerabilities in the platform.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert
About

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club, CachedTech.com, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Internet
What do you think?
blog comments powered by Disqus
Poll

IT curriculum poll

With coding now compulsory in schools, how important are digital skills for the next generation of school leavers?
62%
9%
20%
9%

Popular Threads

Powered by Disqus
V3 Security Summit

V3 Security Summit Day 1: Advanced threat, IoT and phishing guidance incoming

Register and stay tuned for the latest cyber security news, analysis and guidance

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

C# Software developer (ASP.NET, C#, WPF, SQL, CSS , HTML)

C# Software developer (ASP.NET, C#, WPF, SQL, CSS , HTML...

Front-Office Developer (C#, .NET, Java, Artificial Intelligence

Front-Office Developer (C#, .NET, Java, Artificial Intelligence...

Senior Web UI Engineer

Web UI Engineer (HTML5, CSS3, JavaScript Angular.js...

Graduate Java/ C# SQL Client Facing Consultant (C#, Java, SQL)

Graduate Java/ C# SQL Client Facing Consultant (C#, Java...
To send to more than one email address, simply separate each address with a comma.