The Firefox web browser supports plugins and browser extensions. The core difference is that plugins are loaded from external sources and often proprietary. They are currently enabled by default if Firefox notices them in one of the default plugin locations on the system.
This may be convenient as it means that sites that require these plugins for some or all of their functionality work right out of the box, but it is also a issue of control. Firefox users do not have a say initially whether a plugin will be activated in the browser or not. While it is certainly possible to disable identified plugins, it is something that happens after the plugin has been enabled in the browser. You can also enable click to play to prevent the automatic loading of plugins in the browser.
Mozilla introduced click to play some time ago, a feature that Firefox users need to enable before they can make use of it. Later, click to play was used to block insecure plugins automatically in the browser.
It is still up to the user to activate a blocked plugin, even though it is not recommended to do so as it makes the browser and underlying system vulnerable to exploits targeting those vulnerabilities.
Mozilla today announced the next step to put users in charge of plugins in the browser. Instead of making click to play a choice, it will be enabled for all plugins in the future except for the current version of Adobe's Flash plugin. Michael Cotes, Director of Security Assurance outlined the upcoming steps of the implementation.
What this means is that plugins won't be enabled by default anymore in the browser with the exception of the current version of Adobe Flash. It is not clear why Flash is exempt from the process but the most likely explanation is that it is the most widely used plugin and that users would probably flood Mozilla with support requests if it would be included.
The benefit for Firefox users should be clear. Instead of having to monitor installed plugins regularly to disable those that are not needed, it is now done automatically so that plugins that are not used are not automatically available when websites request access to them.
Click to play gives users options to always run plugins on a site so that the click to play message does not appear every time a page is opened on that website. Mozilla furthermore plans to add options to enable plugins only for specific sites by default, e.g. Flash for Vimeo or Java for a bank's site that requires it.
The drawback is that users will see those messages in the browser frequently at first, for instance on YouTube. While it takes just two clicks or so to activate plugins permanently on a site, it needs to be done for all sites that require plugins to run.
Keeping plugins disabled by default is a welcome change, considering that the majority of plugins installed in the browser are likely never used anyway. The effectiveness of the change depends largely on the notifications that users will receive when they need to make a decision whether to run a plugin or not.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.