Mozilla Adding Much Needed Opt-In Option for Firefox Plugins

There's nothing more annoying than loading up a web page and an embedded video -- typically commercial spots -- starts playing automatically. Sometimes the spots are hidden so well that they're hard to locate and pause, thus waking up the neighbors because the volume was cranked up even before the web page was accessed.

Honestly, there should be a law against this, but Mozilla seems to be developing a way for users to opt-in first before Flash ads, Java scripts and other content that uses plugins to automatically play. Mozilla's opt-in method could even help reduce threats like zero-day attacks that stem from exploiting security vulnerabilities in plugins.

"Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99-percent of internet users have Flash installed on their browser," writes Mozilla software engineer Jared Wein in a blog.

According to Wein, the "click-to-play plugins" option was included in the nightly build of Firefox for desktop just days ago. Users wanting to take advantage of this feature immediately must download and install a nightly build, then go into about:config and enable the plugin.click_to_play flag.

"When plugins.click_to_play is enabled, plugins will require an extra click to activate and start 'playing' content," he reports. "This is an incremental step towards securing our users, reducing memory usage, and opening up the web."

Wein adds that he's currently working on implementing the ability for plugin activation settings to be remembered on a per-site basis. "I hope to get these changes landed within the next week before the deadline for Firefox 14," he says.

First-party support for a click-to-play option will be a welcome addition to Firefox. Currently there are third-party solutions that provide a similar service including the NoScript extension which blocks Flash, Silverlight, JavaScript, Java and other content by default. There's also Flashblock which blocks content with a static image which users must click if they want the media to play.

"Plugins are the most common source of user compromise, so not running them by default provides a defense against drive-by attacks, while still enabling them to run on sites where the user desires(YouTube, intranet, whatever)," states the Mozilla wiki. "Plugins can be installed without user interaction or consent, causing potential security and stability issues."

The Mozilla wiki also points out that plugins consume significant resources, both individually (i.e. Java starting because a given page requested it), and in aggregate (i.e. Flash consuming 30-percent of the CPU because of many ads and movies). Why an opt-in option hasn't been implemented by default before now is unknown given some mobile web browsers already offer this feature for faster web browsing.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
31 comments
    Your comment
    Top Comments
  • pharoahhalfdeadI have a better idea, it's called Adblock.


    Actually, it's more like Flashblock. It blocks flash until you click it. I'm all for a solution that's built in instead of having to install an addon for it.
    19
  • jhansonxiMany non-advertisement Flash objects auto play. Not a problem if you are on broadband but it's a real annoyance on dial-up.


    It's also an annoyance when the entire page is grayed out and a advertisement pops in your face. I do believe Tomshardware does that.
    19
  • 99% have Flash installed? But I thought Saint Jobs said Flash was dead! Funny how that turned out...
    17
  • Other Comments
  • 99% have Flash installed? But I thought Saint Jobs said Flash was dead! Funny how that turned out...
    17
  • I have a better idea, it's called Adblock.
    16
  • Doesn't Opera already do this? Is this another stolen idea from Opera? Cause it seems like they are the true browser innovators.
    -1