Firefox To Require Permission For Plug-Ins

  /     /     /  
Publicated : 22/11/2024   Category : security


Firefox To Require Permission For Plug-Ins


Mozilla hopes to make Firefox more secure by having users opt in for plug-ins.



Mozilla engineers are in the process of improving the security and speed of Firefox by implementing a permission switch for browser plug-ins.
In a
blog post
on Wednesday, Mozilla software engineer Jared Wein said that browser plug-ins are often the cause of security problems and system slowdowns and that click-to-play code has been added to Firefox nightly developer builds to control the activation of plug-ins.
When
plugins.click_to_play
is enabled, plug-ins will require an extra click to activate and start playing content, Wein explains. This is an incremental step towards securing our users, reducing memory usage, and opening up the Web.
[ Read about Amazons cloud-based search service. See
Amazon Returns To Search Business With CloudSearch
. ]
It may also further erode the usage of plug-in technologies such as Adobe Flash on desktop computers. In a Twitter post, privacy researcher Christopher Soghoian notes that the move
essentially kills Flash ads and Flash cookie tracking.
The impact of this new Firefox feature will depend on how it is expressed in default settings and on the various use cases that Firefox engineers end up supporting. For example, the click-to-play feature may include options to allow users to avoid having to reauthorize plug-ins on popular sites like YouTube. Mozilla does not want to make Firefox so secure its a hassle to use. However, such conveniences could undermine potential security and privacy benefits of requiring users to approve plug-in operation.
Google Chrome has for a while now included a similar permission mechanism for plug-ins, accessed via Settings/Under the Hood/Privacy-Content Settings/Plug-ins. But Chromes engineers evidently believe that users will have a better experience without having to approve plug-ins: Run automatically is singled out as the recommended option.
Mozilla is also considering whether to let previously granted plug-in approval expire
if the plug-in has not been used in the past 30 days
.
Apple recently adopted this expiration date approach to deal with the Flashback trojan that has affected over 600,000 Macs. In its
security update
released on Thursday, Apple said, As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days.
Click-to-play for plug-ins is scheduled to arrive in Firefox 14.
When picking endpoint protection software, step one is to ask users what they think. Also in the new, all-digital
Security Software: Listen Up!
issue of InformationWeek: CIO Chad Fulgham gives us an exclusive look at the agencys new case management system, Sentinel; and a look at how LTE changes mobility. (Free registration required.)

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Firefox To Require Permission For Plug-Ins