New Plugin Disable add-on deactivates new plugins in Firefox - gHacks Tech News

New Plugin Disable add-on deactivates new plugins in Firefox

The automatic installation of new plugins in the Firefox browser is a big privacy, security and stability issue that Mozilla has yet to address.

Considering that the organization has not addressed the issue yet even though it has been known for years, it is unlikely that a patch will land soon in a Firefox version that prevents the installation of new plugins or at least prompts the user on the next start of the browser before completing the installation.

While it is certainly possible to block the installation of new plugins in Firefox manually, it requires access to the browser's advanced configuration and knowledge of the preferences that you need to modify to ensure that.

Basically, Firefox scans various folders and Registry keys on the system for plugin references. If it finds plugins during that scan, they get added to the browser silently.

To manage these, load about:config in the browser's address bar and hit enter. Confirm you will be careful and search for plugin.scan afterwards.

You get a list of preferences that define the locations that Firefox will scan in order to find plugins.

firefox plugins

To block the installation of Acrobat, Quicktime and Windows Media Player plugins, change the value to a version that has not been released yet, e.g. 99. The value defines the lowest version of the plugin that Firefox will install.

More interesting than that is plugin.scan.plid.all which is a reference to HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins and HKEY_CURRENT_USER\Software\MozillaPlugins on Windows.

If you are running a 64-bit version of Windows, you have to scan additional locations in the Registry to find all plugin locations. Java for instance is installed under a different Registry path if you run a 64-bit version of Windows.

The following paths need to be opened as well:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins
  • HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\MozillaPlugins

Disabling it is usually not a good idea unless you don't want any plugins to be used by Firefox.

It is usually better to open the Registry manually on Windows, go to the key and remove references to plugins from there that you don't want included in Firefox.

firefox plugins registry

Make sure you open all locations in the Registry. Dropbox Update and Google Update are for instance installed under HKEY_CURRENT_USER while Microsoft's Office plugin under HKEY_LOCAL_MACHINE.

While you may remove specific plugins this way, you cannot really block the installation of new plugins.

That's where the Firefox add-on New Plugin Disable comes into play. While it won't block the installation, it sets all new plugins to state 2 automatically which is the deactivated state. Deactivation means that the plugin won't be used by the browser at all.

firefox plugins never activate

The author of the plugin notes that it may not work for plugins added by Mozilla directly to the browser (e.g. OpenH264 Video Codec).

Still, if you don't want to block all Registry plugin references, this is a good option to make sure that new plugins will be deactivated in Firefox.

Now Read: How to remove plugins from Firefox

Summary
New Plugin Disable add-on deactivates new plugins in Firefox
Article Name
New Plugin Disable add-on deactivates new plugins in Firefox
Description
The New Plugin Disable add-on for the Firefox browser sets all newly installed plugins to never activate (disabled) automatically.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Tom Hawack said on May 26, 2015 at 10:16 am
    Reply

    Wise add-on, thanks for the info, Martin.

    Firefox/Firefox forks running in 64-bit mode are of course much less likely to encounter plugins installed blindly since most of those are only declined in 32-bit mode, and that is the only positive aspect when otherwise welcomed ones lack that 64-bit mode…

    Just a word for users running the excellent CCleaner application and who would ignore this :
    CCleaner includes in its Tools/Startup/Firefox page options to enable, disable, delete Firefox add-ons as well as plugins. This can come in handy should an add-on or plugin be problematic.

    1. Martin Brinkmann said on May 26, 2015 at 10:17 am
      Reply

      Good point. Another option that you have is to launch Firefox in Safe Mode by holding down Shift during start.

  2. onedeafeye said on May 26, 2015 at 6:41 pm
    Reply

    I opened about:config and looked for plugin.scan and came up with a blank page. I’m on Linux Mint. Should I be looking in a different place? I have 8 plugins listed in the addon manager.

    1. Martin Brinkmann said on May 26, 2015 at 6:57 pm
      Reply

      It is different on Linux and Mac systems, see http://kb.mozillazine.org/Issues_related_to_plugins and there Plugin location and especially “On Linux and Mac OS”.

      Basically, Firefox looks in the following locations on Linux:

      Directory pointed to by MOZ_PLUGIN_PATH environment variable (reference: https://developer.mozilla.org/en-US/Add-ons/Plugins/Gecko_Plugin_API_Reference/Plug-in_Basics#How_Gecko_Finds_Plug-ins)

      ~/.mozilla/plugins.
      /usr/lib/mozilla/plugins (on 64-bit systems, /usr/lib64/mozilla/plugins is used instead).
      Plug-ins within toolkit bundles.
      Profile directory/plugins, where Profile directory is a user profile directory.

  3. pd said on June 26, 2015 at 1:59 am
    Reply

    WARNING: in my one single experience so far (re-installing Flash as some shitty site required it), the New Plugin Disabler only works on browser load, not on the fly! This is potentially a huge limitation and Martin I’d suggest you may way to update this article to make that more clear and keep your users a little more aware/safer.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.