Mozilla's Flash plugin replacement Shumway lands in Firefox Nightly

Martin Brinkmann
Oct 2, 2013
Updated • Oct 3, 2013
Firefox
|
16

The majority of browser developers agree that plugins based on Netscape's old NPAPI are bad and that HTML5 is the future of the Internet. This has several reasons, with major ones being compatibility, stability and security. Companies disagree on how that future will look like in particular though. Google for instance introduced its Pepper API in Chromium and Chrome, and is still making use of plugins. The only difference here is that they use the new API and not the old one.

Mozilla's take on the matter is different. The company wants to get rid of plugins completely, and has been working on replacements for popular ones for some time now.

Shumway is the organization's idea to replace Adobe's Flash Player on the Internet. It has been working on the project since 2012. The main goal of the project is to create a platform for parsing and rendering SWF files. Unlike Google's implementation, which is reserved to Chromium-based browsers, Mozilla's is completely open and released as open source on Github.

Shumway lands in Firefox

Shumway has been available in form of a browser extension for some time now for testing purposes. This extension is still available, but Mozilla landed the core code in the Nightly version of Firefox today.

The technology is not enabled by default right now, but that can be easily done. Shumway has additional requirements though, and you may need to make changes to certain preferences in Firefox to make it work at all.

  1. Adobe Flash Player still needs to be installed, and it needs to be set to Ask to Activate in the Add-ons Manager.
  2. Click to Play needs to be enabled in Firefox.

With that out of the way, load about:config in the browser's address bar and hit the enter key. If this is your first time here, confirm that you will be careful. Now search for shumway using the search form up top, and double-click the preference to change the value of shumway.disabled from true to false.  Restart Firefox afterwards to complete the operation.

You should not expect miracles right now though. A quick test on popular sites such as Kongregate or YouTube turned out that it is not really able to replace Flash just yet on these sites. It did not work at all on YouTube for example, with Flash being used automatically on the site even though click to play was enabled. On Kongregate, games would not load but display the Shumway logo in the lower corner.

The Shumway extension supported several parameters that were not set by default in Firefox, and it seems that the native integration supports at least some of those as well. You can check out this Github Wiki page for a list of supported configuration parameters.

Closing Words

Code integration is a major step for the project, and while it will certainly take some time before the implementation lands in the stable version of Firefox, it is fair to say that Mozilla is making good progress so far. It remains to be seen if Shumway will be able to replace Adobe Flash fully though in Firefox and maybe also other browsers out there.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Patrick Dreier said on February 19, 2015 at 9:44 pm
    Reply

    Hello!

    Shumway is not good because it is only for only for Firefox and Google Chrome.
    Adobe Flash Player is better, because it is runing on all Browsers.

    1. Hussam Al-Tayeb said on July 1, 2015 at 7:51 pm
      Reply

      That’s not the only criteria. Adobe’s flash plugin for Linux has many security bugs. While Adobe does keep fixing them, there will be a time when an alternative is a safer route.

  2. Erick said on July 26, 2014 at 10:48 pm
    Reply

    The Extension can be installed at: http://mozilla.github.io/shumway/extension/firefox/shumway.xpi
    Then just disable Flash Player at Extensions menu: press “Ctrl + Shift + A”, then go to Plugins.
    More info: http://mozilla.github.io/shumway/

  3. Anonymous said on October 9, 2013 at 2:35 pm
    Reply

    dear sir,
    adobe flash player plung in kis trha download hoga…

    1. mohamed said on January 9, 2014 at 12:32 am
      Reply

      thank you

  4. trlkly said on October 5, 2013 at 4:28 am
    Reply

    Getting rid of Flash, once there’s something good enough to replace it, makes sense. Getting rid of plugins altogether is even stupider than forcing all addons on a single toolbar as an effort to make the browser more customizable.

    1. Pierre said on October 6, 2013 at 7:02 pm
      Reply

      I don’t agree : they don’t want to replace all plugins, only the main ones (readers).
      But Mozilla policy (replacing main plugins by native functions) is criticized : slow, use of interpreted languages, etc. Cf the debate following this article if you read French

      http://www.clubic.com/navigateur-internet/mozilla-firefox/actualite-590018-firefox-mozilla-amorce-transition-flash-shumway.html

  5. pavangudimella said on October 4, 2013 at 7:34 am
    Reply

    It is so good

  6. Pierre said on October 3, 2013 at 3:12 pm
    Reply

    I tried to activate shumway in Nightly, it doesn’t work or I didn’t succeed in it

  7. Bilal Malik said on October 3, 2013 at 2:08 pm
    Reply

    I used to use the extension of chromes like Ginger and other extension. But now I’ve got used to using Mozila. It’s nice to read that Mozila has been working to replace Adobe since 2012. Just waiting for it. It could be more interesting and Google Chrome will have to think about it.

    Nice post. Thanks.

  8. Transcontinental said on October 3, 2013 at 11:31 am
    Reply

    Couldn’t agree more with SubgeniusD’s comment — the remark on a misprint apart, too obvious — when indeed Adobe has been, still is marketing its products as if they were tied in a natural way to whatever system when it comes to rendering, name it Flash, name it PDF …

    Here in France I am not far from believing that masses of programmers, high-skilled for big companies, even State-owned Web sites, have been technically educated to present Adobe, it’s Reader in the first place, as THE reader, with NO alternative!

    The Web must remain free, and that included propriety emprisonements.

  9. SubgeniusD said on October 3, 2013 at 6:42 am
    Reply

    “Chromium and Chrome, and is using still making use of” – delete “using” and the sentence is perfect. It’s understandable as is but I know you like to polish rough spots in these great articles.

    From a security perspective this is a very positive area of development given how slowly HTML 5 is maturing as the de facto web media format. Most users are infected through their browsers and Adobe garbage – I mean products – are consistently a major source of vulnerability.

    Checking this site from time to time – http://www.us-cert.gov/ncas/bulletins/ – I see Adobe, esp Flashplayer, listed every other week in the High Vulnerability section.

    1. judah said on November 7, 2013 at 8:17 am
      Reply

      I’m not sure if I’m doing this right but I looked at the same website and across the field the Flash Player has half to two thirds as many vulnerabilities per year than the other products I’ve listed here.

      If you take only the Flash Player itself and not include software that uses it such as Adobe Acrobat, the vulnerabilities are much much lower. I think less than 10 instances. Surprisingly, Silverlight has less than 5??? Flash Player included in it’s containers was around 50 and the others were around 100 to 200 per year.

      Flash Player – http://1.usa.gov/HKHfv5
      Firefox – http://1.usa.gov/1bceSiH
      Chrome – http://1.usa.gov/1asUgjP
      Internet Explorer – http://1.usa.gov/1bcfMfg – does not include activex, etc
      Microsoft Windows – http://1.usa.gov/1asUtn8
      Silverlight – http://1.usa.gov/19FmcFb

      I mainly use HTML, PHP and Flash and Flex for developing applications. Flash / Flex apps can be exported to mobile, desktop and web using one code base and run natively or in a vm and it looks the same on all platforms. I’ve chosen it because it’s easy to use, I save time and I can target the most devices.

      I would love to see Shumway work especially since the SWF format is an awesome container for delivering content.

      1. SubgeniusD said on November 13, 2013 at 8:35 am
        Reply

        I was pointing a finger at Adobe and their lax programming standards using that link as a handy reference, not presenting a polished statistical analysis.

        Just casually click through Vulnerability Summaries Dec 24 2012 – Apr 8 2013; Out of 16 weeks Adobe is listed in the High Vulnerability sections 8 times, Flashplayer several times. No need to research further. That’s a pattern, a ridiculous, unacceptable pattern.

    2. Anon said on October 25, 2013 at 9:06 pm
      Reply

      Interesting, looking back over the past couple of months I don’t see Flash listed on http://www.us-cert.gov/ncas/bulletins/ at all. I do see Firefox listed several times.

  10. Andrew said on October 2, 2013 at 11:19 pm
    Reply

    This is… just amazing… I really do look forward to when it becomes complete.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.