Next Firefox will block all plugin content to step up security

In the wake of the security debacle Oracle's Java is going through, the folks at Mozilla are stepping up security in Firefox. According to a blog post by Director of Security Assurance at Mozilla, Michael Coates, the next version of the browser will block all plugin content like Flash, Java and Silverlight by default, and users would be given a Click-to-Play option. The new Firefox would expand on the Click-to-Play functionality Mozilla introduced in Firefox 17.


The earlier implementation of the feature only worked on plugins that were deemed outdated, vulnerable or included in a blocklist. The new implementation is set to work on all plugins by default, except for the latest version of Flash.

Click-to-Play lets users choose to load elements on a page. Plugin content on most pages on the web is loaded automatically along with the rest of the page, but users will now be able to click on a certain element when they want it to load.


This also helps in making the browser itself more stable. According to the blog post, “Poorly designed third-party plugins are the number one cause of crashes in Firefox and can severely degrade a user’s experience on the Web. This is often seen in pauses while plugins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes of Firefox. By only activating plugins that the user desires to load, we’re helping eliminate pauses, crashes and other consequences of unwanted plugins.”

Firefox 14 released

Click-to-Play will make browsing smoother and safer


Security is also boosted with Click-to-Play, as a vulnerable plugin won't be able to load unless a user wants it to, thus keeping the computer safer from malware. "We’ve observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware," the blog post reads.

Mozilla plans to enable Click-to-Play for all versions of all plugins, except for the current version of Flash. The feature has already been enabled for many plugins that have vulnerabilities, such as outdated versions of Silverlight, Adobe Reader and Java.

Mozilla released the latest version of Firefox earlier this month. The update, numbered at 18, features improvements that are mostly under the hood, including a new JavaScript compiler, preliminary support for WebRTC, and Retina support for Mac users.

You can grab the desktop version of the browser on the official website, and Android users can get the update through Google Play. The new JavaScript JIT compiler, which Mozilla has dubbed IonMonkey, promises a significant performance bump when displaying web apps, games and basically anything that uses JavaScript. Mozilla claims that IonMonkey makes web apps and games perform "up to 25 percent faster."

The changelogs also point out performance improvements around tab switching and better image quality with a new HTML scaling algorithm. There are also some changes for developers, like support for a new DOM property—window.devicePixelRatio—and improvement in startup time through better handling of extension certificates.

The Android version of the browser also received some upgrades, such as integration with Google Now, the ability to enable Safe Browsing, support for new fonts delivered through the browser, and an option to opt-in for search suggestions when entering text into the Awesome Bar.

While the beta releases of Firefox 18 had a built-in PDF viewer, it is absent from the final release. It is possible that Mozilla deemed it incomplete and decided to delay it till the next release.

Published Date: Jan 31, 2013 13:22 PM | Updated Date: Jan 31, 2013 13:22 PM