Mozilla has started to integrate click to play functionality into Firefox earlier this year. The feature basically blocks plugin contents from being executed automatically on websites when they are loaded in the browser. That's great to speed up web surfing and security as plugins may slow down the browsing and are often used to attack browsers.
The decision was then made to combine the browser's - optional - click to play feature with the blocklist feature that Mozilla maintains. The blocklist is a collection of plugin and add-on versions that impact the browser's security, stability or performance in a negative way. These programs are automatically blocked by Mozilla so that they are not loaded by the browser.
The idea was born to use the feature to inform Firefox users if certain plugins are not up to date anymore, and whether that has an impact on the safety, stability or performance of the web browser. To protect users out of the box, Mozilla decided to block outdated plugins using the click to play feature even if it has not been enabled by the user.
Firefox 17 users, those currently on the beta channel or higher), now benefit from the new feature as it has been activated for those browser versions. It is currently limited to select plugins only with the prospect to add new plugins to the list at a later point in time. The plugins currently detected and blocked are the following:
- Java Plugin 6 updates 33 through 36 (click-to-play), Linux
- Java Plugin 6 updates 36 and lower (click-to-play), Mac OS X
- Java Plugin 6 updates 33 through 36 (click-to-play), Windows
- Java Plugin 7 update 7 and 8 (click-to-play), Linux
- Java Plugin 7 update 7 and 8 (click-to-play), Windows
- Java Plugin 7 update 7 and 8 (click-to-play), Mac OS X
- Flash Player Plugin between 11.0 and 11.4.402.287 (click-to-play)
- Flash Player Plugin below 10.3.183.19 (click-to-play)
As you can see from the list, only specific Oracle Java and Adobe Flash versions are detected by the new feature of Firefox. Firefox users still have a choice in regards to the course of action. The plugins are disabled automatically, but can be activated manually again, which may be important to access contents at the very moment. Outdated versions include a link to Mozilla's plug-in check which links to the websites of Oracle or Adobe where the most recent plugin version can be downloaded and installed.
To summarize: Firefox 17 and newer users may notice click to play messages in the browser if they are running an outdated Java plugin or Flash Player plugin version in the web browser. They then have the option to activate the plugin to run it on the site they are on, or go to the plugin check website or the software download site of the plugin company directly to download and install the update on their system. Messages that may appear on the screen include:
- This plugin is vulnerable and should be updated. Check for updates. Click here to activate the "name" plugin.
- This plugin has security vulnerabilities. Click here to activate the "name" plugin.
Sites can be whitelisted so that the click to play feature is bypassed automatically if an old plugin version is run in the browser. This should please users who cannot or do not want to upgrade to a newer version of the plugin on the system, but also do not want to face the click to play message every time they visit a particular website.