New Plugin Disable add-on deactivates new plugins in Firefox
The automatic installation of new plugins in the Firefox browser is a big privacy, security and stability issue that Mozilla has yet to address.
Considering that the organization has not addressed the issue yet even though it has been known for years, it is unlikely that a patch will land soon in a Firefox version that prevents the installation of new plugins or at least prompts the user on the next start of the browser before completing the installation.
While it is certainly possible to block the installation of new plugins in Firefox manually, it requires access to the browser's advanced configuration and knowledge of the preferences that you need to modify to ensure that.
Basically, Firefox scans various folders and Registry keys on the system for plugin references. If it finds plugins during that scan, they get added to the browser silently.
To manage these, load about:config in the browser's address bar and hit enter. Confirm you will be careful and search for plugin.scan afterwards.
You get a list of preferences that define the locations that Firefox will scan in order to find plugins.
To block the installation of Acrobat, Quicktime and Windows Media Player plugins, change the value to a version that has not been released yet, e.g. 99. The value defines the lowest version of the plugin that Firefox will install.
More interesting than that is plugin.scan.plid.all which is a reference to HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins and HKEY_CURRENT_USER\Software\MozillaPlugins on Windows.
If you are running a 64-bit version of Windows, you have to scan additional locations in the Registry to find all plugin locations. Java for instance is installed under a different Registry path if you run a 64-bit version of Windows.
The following paths need to be opened as well:
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins
- HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\MozillaPlugins
Disabling it is usually not a good idea unless you don't want any plugins to be used by Firefox.
It is usually better to open the Registry manually on Windows, go to the key and remove references to plugins from there that you don't want included in Firefox.
Make sure you open all locations in the Registry. Dropbox Update and Google Update are for instance installed under HKEY_CURRENT_USER while Microsoft's Office plugin under HKEY_LOCAL_MACHINE.
While you may remove specific plugins this way, you cannot really block the installation of new plugins.
That's where the Firefox add-on New Plugin Disable comes into play. While it won't block the installation, it sets all new plugins to state 2 automatically which is the deactivated state. Deactivation means that the plugin won't be used by the browser at all.
The author of the plugin notes that it may not work for plugins added by Mozilla directly to the browser (e.g. OpenH264 Video Codec).
Still, if you don't want to block all Registry plugin references, this is a good option to make sure that new plugins will be deactivated in Firefox.
Now Read: How to remove plugins from Firefox
WARNING: in my one single experience so far (re-installing Flash as some shitty site required it), the New Plugin Disabler only works on browser load, not on the fly! This is potentially a huge limitation and Martin I’d suggest you may way to update this article to make that more clear and keep your users a little more aware/safer.
I opened about:config and looked for plugin.scan and came up with a blank page. I’m on Linux Mint. Should I be looking in a different place? I have 8 plugins listed in the addon manager.
It is different on Linux and Mac systems, see http://kb.mozillazine.org/Issues_related_to_plugins and there Plugin location and especially “On Linux and Mac OS”.
Basically, Firefox looks in the following locations on Linux:
Directory pointed to by MOZ_PLUGIN_PATH environment variable (reference: https://developer.mozilla.org/en-US/Add-ons/Plugins/Gecko_Plugin_API_Reference/Plug-in_Basics#How_Gecko_Finds_Plug-ins)
~/.mozilla/plugins.
/usr/lib/mozilla/plugins (on 64-bit systems, /usr/lib64/mozilla/plugins is used instead).
Plug-ins within toolkit bundles.
Profile directory/plugins, where Profile directory is a user profile directory.
Wise add-on, thanks for the info, Martin.
Firefox/Firefox forks running in 64-bit mode are of course much less likely to encounter plugins installed blindly since most of those are only declined in 32-bit mode, and that is the only positive aspect when otherwise welcomed ones lack that 64-bit mode…
Just a word for users running the excellent CCleaner application and who would ignore this :
CCleaner includes in its Tools/Startup/Firefox page options to enable, disable, delete Firefox add-ons as well as plugins. This can come in handy should an add-on or plugin be problematic.
Good point. Another option that you have is to launch Firefox in Safe Mode by holding down Shift during start.