Firefox maker Mozilla have announced that the browser will soon block all browser plug-ins except Adobe Flash Player by default.
Michael Coates, Mozilla's director of security assurance, said in a blog post: “One of the most common exploitation vectors against users is drive-by exploitation of vulnerable plug-ins.”
He added that “poorly designed third party plugins are the No.1 cause of crashes in Firefox and can severely degrade a user's experience on the Web.”
The move will certainly cut down on the number of browser exploits affecting Firefox. Dozens of them have been designed against the Flash, Adobe Reader and Java browser plug-ins. Simply browsing a compromised website can be enough to get infected immediately.
Java browser exploits have become such a serious issue that Firefox has disabled Java plug-ins completely.
Coates said: “This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plug-ins to our users.”
Future versions of Firefox will ask users to approve each instance in which a plug-in is called into action. Mozilla is calling it the ‘Click to Play’ system.
The only plug-in that Firefox will automatically load for all sites is the current version of Adobe Flash Player, which is used by so many sites that blocking it would create a usability issue for end users. Older versions of the Flash plug-in will be blocked, however, as they lack current security patches. This will be updated with every version of the browser and player.
To see which plug-ins you have running in your Firefox browser, and which of those need to be updated, head to https://www.mozilla.org/en-US/plugincheck/
Kitguru says: A good idea, especially with such a proliferation of malicious code.
Interesting move, but I think it only makes the user experience more enjoyable when the browser doesn’t crash because of trashy code.