Sign in with
Sign up | Sign in

Mozilla Adding Much Needed Opt-In Option for Firefox Plugins

By - Source: Kaspersky Lab | B 31 comments
Tags :

Mozilla is working on an opt-in option for Flash and other plugins that will be blocked from automatically playing in Firefox by default until the user gives permission.

There's nothing more annoying than loading up a web page and an embedded video -- typically commercial spots -- starts playing automatically. Sometimes the spots are hidden so well that they're hard to locate and pause, thus waking up the neighbors because the volume was cranked up even before the web page was accessed.

Honestly, there should be a law against this, but Mozilla seems to be developing a way for users to opt-in first before Flash ads, Java scripts and other content that uses plugins to automatically play. Mozilla's opt-in method could even help reduce threats like zero-day attacks that stem from exploiting security vulnerabilities in plugins.

"Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99-percent of internet users have Flash installed on their browser," writes Mozilla software engineer Jared Wein in a blog.

According to Wein, the "click-to-play plugins" option was included in the nightly build of Firefox for desktop just days ago. Users wanting to take advantage of this feature immediately must download and install a nightly build, then go into about:config and enable the plugin.click_to_play flag.

"When plugins.click_to_play is enabled, plugins will require an extra click to activate and start 'playing' content," he reports. "This is an incremental step towards securing our users, reducing memory usage, and opening up the web."

Wein adds that he's currently working on implementing the ability for plugin activation settings to be remembered on a per-site basis. "I hope to get these changes landed within the next week before the deadline for Firefox 14," he says.

First-party support for a click-to-play option will be a welcome addition to Firefox. Currently there are third-party solutions that provide a similar service including the NoScript extension which blocks Flash, Silverlight, JavaScript, Java and other content by default. There's also Flashblock which blocks content with a static image which users must click if they want the media to play.

"Plugins are the most common source of user compromise, so not running them by default provides a defense against drive-by attacks, while still enabling them to run on sites where the user desires(YouTube, intranet, whatever)," states the Mozilla wiki. "Plugins can be installed without user interaction or consent, causing potential security and stability issues."

The Mozilla wiki also points out that plugins consume significant resources, both individually (i.e. Java starting because a given page requested it), and in aggregate (i.e. Flash consuming 30-percent of the CPU because of many ads and movies). Why an opt-in option hasn't been implemented by default before now is unknown given some mobile web browsers already offer this feature for faster web browsing.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 19 Hide
    A Bad Day , April 14, 2012 6:07 PM
    jhansonxiMany non-advertisement Flash objects auto play. Not a problem if you are on broadband but it's a real annoyance on dial-up.


    It's also an annoyance when the entire page is grayed out and a advertisement pops in your face. I do believe Tomshardware does that.
  • 19 Hide
    pocketdrummer , April 14, 2012 5:30 PM
    pharoahhalfdeadI have a better idea, it's called Adblock.


    Actually, it's more like Flashblock. It blocks flash until you click it. I'm all for a solution that's built in instead of having to install an addon for it.
  • 17 Hide
    killerclick , April 14, 2012 5:06 PM
    99% have Flash installed? But I thought Saint Jobs said Flash was dead! Funny how that turned out...
Other Comments
    Display all 31 comments.
  • 17 Hide
    killerclick , April 14, 2012 5:06 PM
    99% have Flash installed? But I thought Saint Jobs said Flash was dead! Funny how that turned out...
  • 16 Hide
    pharoahhalfdead , April 14, 2012 5:15 PM
    I have a better idea, it's called Adblock.
  • -1 Hide
    phatboe , April 14, 2012 5:18 PM
    Doesn't Opera already do this? Is this another stolen idea from Opera? Cause it seems like they are the true browser innovators.
  • -1 Hide
    anonymous_user , April 14, 2012 5:24 PM
    I know Chrome/Chromium has click to play too.
  • 19 Hide
    pocketdrummer , April 14, 2012 5:30 PM
    pharoahhalfdeadI have a better idea, it's called Adblock.


    Actually, it's more like Flashblock. It blocks flash until you click it. I'm all for a solution that's built in instead of having to install an addon for it.
  • 13 Hide
    jhansonxi , April 14, 2012 5:35 PM
    pharoahhalfdeadI have a better idea, it's called Adblock.
    Many non-advertisement Flash objects auto play. Not a problem if you are on broadband but it's a real annoyance on dial-up.
  • 3 Hide
    twelch82 , April 14, 2012 5:40 PM
    I am reading the article and agreeing... however at the same time I note the flash advertisement video playing just to the right of the text.

    No sound, but still funny.
  • 19 Hide
    A Bad Day , April 14, 2012 6:07 PM
    jhansonxiMany non-advertisement Flash objects auto play. Not a problem if you are on broadband but it's a real annoyance on dial-up.


    It's also an annoyance when the entire page is grayed out and a advertisement pops in your face. I do believe Tomshardware does that.
  • 9 Hide
    richard694000 , April 14, 2012 6:23 PM
    I use adblock with fanboys filter list installed and rarely do i see any adds or pop ups. It works pretty good.But you do need a filter list or you still get some.
  • 5 Hide
    Anonymous , April 14, 2012 6:31 PM
    noscript does that by default..
  • 11 Hide
    sam buddy , April 14, 2012 6:36 PM
    Excellent decision by Mozilla.
    I hope they can do something similar for HTML5 ads and pop-ups, too, because the ad business is adapting.

    phatboeDoesn't Opera already do this? Is this another stolen idea from Opera? Cause it seems like they are the true browser innovators.


    Don't know if they do, but it's been done for years by browser plugins, so it's not that innovative. And it's certainly not stealing, it's actually respect to their users, since you will no longer have to run a plugin for that.
  • 0 Hide
    zanny , April 14, 2012 7:09 PM
    Honestly, there should be a law against this.


    This statement seems so backwards. If advertisers use flash ads, don't use the website that hosts them and tell them why you won't use the website. The sites should pressure advertisers not to do it or drop them as advertisers.

    Asking for a law to prevent open markets like advertising is such a stupid idea. Laws need to be a last resort when equilibrium functioning of whatever it is you are against isn't working without artificial constraints.
  • -4 Hide
    halcyon , April 14, 2012 7:46 PM
    Zanny
    Honestly, there should be a law against this.
    This statement seems so backwards. If advertisers use flash ads, don't use the website that hosts them and tell them why you won't use the website. The sites should pressure advertisers not to do it or drop them as advertisers.Asking for a law to prevent open markets like advertising is such a stupid idea. Laws need to be a last resort when equilibrium functioning of whatever it is you are against isn't working without artificial constraints.


    Hmmmm...okay...but still...there should be a law against this. If I want ads I'll ask for them...really.

  • 5 Hide
    Kreth , April 14, 2012 8:43 PM
    noscript + adblock works wonders
  • -1 Hide
    __-_-_-__ , April 14, 2012 8:44 PM
    it's called noscript
  • 3 Hide
    randyzie , April 14, 2012 9:39 PM
    All you people saying noscript need to read the article, we all know about it, and the article mentions how there is addons that already do this.
  • 1 Hide
    wavetrex , April 14, 2012 9:59 PM
    *cough*flashblock/adblock+*cough*

    ....
  • -3 Hide
    alidan , April 15, 2012 12:08 AM
    i do not want this integrated into the browser level, i want it to remain at an extension level.

    its easier to kill an extension than a hard wired part of the browser.
  • 2 Hide
    -Jackson , April 15, 2012 2:39 AM
    Zanny
    Honestly, there should be a law against this.
    This statement seems so backwards. If advertisers use flash ads, don't use the website that hosts them and tell them why you won't use the website. The sites should pressure advertisers not to do it or drop them as advertisers.Asking for a law to prevent open markets like advertising is such a stupid idea. Laws need to be a last resort when equilibrium functioning of whatever it is you are against isn't working without artificial constraints.

    At first it seems like good idea to do so, but a lot of sites rely on advertising for revenue, much like YouTube and Google.
  • 2 Hide
    Gundam288 , April 15, 2012 3:30 AM
    adblock plus, no script, and ghostery are 3 plugins I think should be required for anyone using Firefox. just saying....
Display more comments