Mozilla Adding Much Needed Opt-In Option for Firefox Plugins
Mozilla is working on an opt-in option for Flash and other plugins that will be blocked from automatically playing in Firefox by default until the user gives permission.
There's nothing more annoying than loading up a web page and an embedded video -- typically commercial spots -- starts playing automatically. Sometimes the spots are hidden so well that they're hard to locate and pause, thus waking up the neighbors because the volume was cranked up even before the web page was accessed.
Honestly, there should be a law against this, but Mozilla seems to be developing a way for users to opt-in first before Flash ads, Java scripts and other content that uses plugins to automatically play. Mozilla's opt-in method could even help reduce threats like zero-day attacks that stem from exploiting security vulnerabilities in plugins.
"Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99-percent of internet users have Flash installed on their browser," writes Mozilla software engineer Jared Wein in a blog.
According to Wein, the "click-to-play plugins" option was included in the nightly build of Firefox for desktop just days ago. Users wanting to take advantage of this feature immediately must download and install a nightly build, then go into about:config and enable the plugin.click_to_play flag.
"When plugins.click_to_play is enabled, plugins will require an extra click to activate and start 'playing' content," he reports. "This is an incremental step towards securing our users, reducing memory usage, and opening up the web."
Wein adds that he's currently working on implementing the ability for plugin activation settings to be remembered on a per-site basis. "I hope to get these changes landed within the next week before the deadline for Firefox 14," he says.
"Plugins are the most common source of user compromise, so not running them by default provides a defense against drive-by attacks, while still enabling them to run on sites where the user desires(YouTube, intranet, whatever)," states the Mozilla wiki. "Plugins can be installed without user interaction or consent, causing potential security and stability issues."
The Mozilla wiki also points out that plugins consume significant resources, both individually (i.e. Java starting because a given page requested it), and in aggregate (i.e. Flash consuming 30-percent of the CPU because of many ads and movies). Why an opt-in option hasn't been implemented by default before now is unknown given some mobile web browsers already offer this feature for faster web browsing.