The automatic installation of new plugins in the Firefox browser is a big privacy, security and stability issue that Mozilla has yet to address.
Considering that the organization has not addressed the issue yet even though it has been known for years, it is unlikely that a patch will land soon in a Firefox version that prevents the installation of new plugins or at least prompts the user on the next start of the browser before completing the installation.
While it is certainly possible to block the installation of new plugins in Firefox manually, it requires access to the browser's advanced configuration and knowledge of the preferences that you need to modify to ensure that.
Basically, Firefox scans various folders and Registry keys on the system for plugin references. If it finds plugins during that scan, they get added to the browser silently.
To manage these, load about:config in the browser's address bar and hit enter. Confirm you will be careful and search for plugin.scan afterwards.
You get a list of preferences that define the locations that Firefox will scan in order to find plugins.
To block the installation of Acrobat, Quicktime and Windows Media Player plugins, change the value to a version that has not been released yet, e.g. 99. The value defines the lowest version of the plugin that Firefox will install.
More interesting than that is plugin.scan.plid.all which is a reference to HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins and HKEY_CURRENT_USER\Software\MozillaPlugins on Windows.
If you are running a 64-bit version of Windows, you have to scan additional locations in the Registry to find all plugin locations. Java for instance is installed under a different Registry path if you run a 64-bit version of Windows.
The following paths need to be opened as well:
Disabling it is usually not a good idea unless you don't want any plugins to be used by Firefox.
It is usually better to open the Registry manually on Windows, go to the key and remove references to plugins from there that you don't want included in Firefox.
Make sure you open all locations in the Registry. Dropbox Update and Google Update are for instance installed under HKEY_CURRENT_USER while Microsoft's Office plugin under HKEY_LOCAL_MACHINE.
While you may remove specific plugins this way, you cannot really block the installation of new plugins.
That's where the Firefox add-on New Plugin Disable comes into play. While it won't block the installation, it sets all new plugins to state 2 automatically which is the deactivated state. Deactivation means that the plugin won't be used by the browser at all.
The author of the plugin notes that it may not work for plugins added by Mozilla directly to the browser (e.g. OpenH264 Video Codec).
Still, if you don't want to block all Registry plugin references, this is a good option to make sure that new plugins will be deactivated in Firefox.
Now Read: How to remove plugins from Firefox
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.