Mozilla to start blocking plugins by default in Firefox
Mozilla planned to enable the click to play feature in Firefox 26 for all users when the browser was released back in 2013.
Click to play blocks the execution of plugins automatically so that websites cannot load contents that make use of browser plugins.
Users have then the option to keep the block in place, enable the plugin on the website for the time being,or enable it permanently on the site in question.
Shortly before Firefox 26 hit the stable channel, Mozilla decided to limit click to play to the Java plugin in the release.
What this meant was that Java was the only plugin that was set to "ask to activate" in the browser's plugin manager, instead of all plugins except for Adobe Flash.
Mozilla published an update in regards to that two days ago on the Mozilla Security blog. Chad Weiner, Mozilla's director of product management, announced on the organization's behalf that Firefox would start to block plugins by default very soon.
The wording used confused me at first, but once I realized that blocking meant the same as click to play, it all became clearer.
Here is what is going to happen. Mozilla made the decision to block all plugins in one of the next versions of Firefox. Blocking in this regard means setting to click to play, not block entirely so that users of the browser cannot load contents anymore that require these plugins.
Plugin authors can apply for inclusion in a whitelist. The application deadline is March 31, 2014, and any application received before the deadline will be reviewed by Mozilla.
If the inclusion in the whitelist is granted, the plugin in question will be given whitelist status which effectively means that it is exempt for a 30 weeks grace period. Plugin authors can then apply for a second round, and if granted again, their plugins are except for another 24 weeks.
What's interesting in this regard is that the whitelist application needs to include a "credible plan" to migrate away from the use of NPAPI-based plugins.
Here is the important part if you are a Firefox user:
- Plugins will be set to click to play in one of the coming releases.
- Only plugins that are added to the whitelist are exempt from this.
- You can still run any plugin in Firefox.
You can enable click to play right now in your browser, as outlined in the following guide. There are two steps to enable click to play in Firefox right now:
- Type about:config in the browser's address bar and hit enter.
- Confirm you will be careful.
- Search for the preference plugins.click_to_play
- Make sure it is set to true. If not, double-click on it.
- Open about:addons and switch to plugins here.
- Click on the menu next to a plugin listing and switch the value to "ask to activate". This enables click to play for the plugin.
Tip 1: For a better manageability of your click to play whitelist, use the Firefox add-on Click To Play Manager.
Tip 2: For options to enable only select elements on a page and not all, use click to play per element.
What are Mozilla's reasons for doing so?
The organization notes that plugins are one of the core reasons for poor performance, stability issues and security vulnerabilities. Setting plugins to click to play resolves many of those issues, especially on sites where it may not be apparent to the user of the browser that plugin contents are being loaded.
Click to play protects Firefox users from dangers on the Internet, without removing any functionality the browser provides. That's different from how Google decided to handle things, as the company announced that it would block the use of all NPAPI plugins in the Chrome browser this year.