Mozilla: Firefox Now Deactivating Most Plug-Ins by Default

Not to be outdone by Google's report of blocking most plugins within Chrome starting January 2014, Mozilla updated its own blog reporting that Firefox will no longer activate most plugins by default, starting with the latest Aurora release.

On Tuesday, Mozilla's Benjamin Smedberg said that when a website tries to use a plugin, users can choose whether to enable it or keep it blocked. Ultimately, this should provide a better Firefox experience on a performance level, as plugins are known to be a source of hangs, crashes, and security incidents. Putting control in the hands of users should keep them more secure and the browser running more smoothly.

However, the one plugin that won't be blocked by default is Adobe Flash because it's used just about everywhere on the World Wide Web.

"Many websites use 'hidden' Flash instances that the user does not see and cannot click on; making Flash click-to-play would be confusing for most users," he said. "Users with older versions of Flash that are known to be insecure will see the click-to-activate UI and will be prompted to upgrade to the latest version. Our security and plugin teams work closely with Adobe to make sure that Firefox users are protected from instability or security issues in the Flash plugin."

Back in March, Mozilla conducted a user research survey on the prototype implementation of click-to-play plugins (pdf), and quickly discovered that many Firefox users actually had no idea what a plugin was. As Smedberg pointed out earlier in his blog, many plugins go unnoticed on web pages, so when participants suddenly had to enable these plugins on the same site repeatedly, they grew highly annoyed or confused. Mozilla decided to fix that.

"We redesigned the click-to-play feature to focus on enabling plugins per-site, rather than enabling individual plugin instances on the page," he said. "Advanced users who want to activate individual instances may still do so by installing a Firefox extension. We encourage people who want to try the new plugin experience to use the Mozilla Nightly or Aurora preview releases."

At one time, plugins were ideal for prototyping and implementing new features, but now that browsers have matured, these features can be tested within the browser environment thanks to WebGL, WebSockets, WebRTC and asm.js. Plugins have become legacy technology, they're a consistently growing security threat, and are not used on most mobile devices.

Mozilla is now encouraging website developers to ditch plugins if possible, and to hit the project list to request plugin features not available in the web platform.

Google said earlier this week that most plugins will be outright banned in Chrome starting January. As of Monday, the Chrome Web Store began rejecting new Apps and Extensions based on the Netscape-based plugin tech, and will delist current NPAPI-based Apps and Extensions in May 2014, followed by a complete removal in September 2014. Installed Apps and Extensions will continue to work until support for NPAPI is removed at the end of 2014.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
Comment from the forums
    Your comment
    Top Comments
  • Usersname
    I wish Internet Explorer would uninstall itself.
  • Other Comments
  • srap
    Just two things:
    1: Only the last few versions of Flash will not be blocked, older and more insecure (Flash is never secure) versions will also need to be clicked.
    2: Plugins are less useful nowadays, but still not useless: DRM protected content cannot be distributed or served one the net with the alternatives.

    And here is a link for the aforementioned add-on:
  • Usersname
    I wish Internet Explorer would uninstall itself.
  • Usersname
    Ha! That last post just earned me a Tom's "Night Owl" badge and it's the middle of the day here. Doesn't Tom's detect each users local time?