Firefox, DRM, and the end of NPAPI

Martin Brinkmann
Apr 11, 2016
Updated • Feb 3, 2017

There has been lots of talk about the end of the classic NPAPI interface which is currently supported by all versions of Firefox to make third-party technologies available in the browser.

The most popular plugins currently supported are Adobe Flash and Java, but there are more plugins that Firefox may pick up to make their functionality available.

Google kicked NPAPI out in Chrome 45 when it stopped support for NPAPI, and Mozilla announced that it would end support as well.

Google's advantage over Mozilla is that Chrome ships with a version of Flash built-in to the browser which means that the most popular NPAPI plugin is still available in Chrome, albeit in a different form.

Since Mozilla does not have an agreement with Adobe to do the same, it is at a significant disadvantage as the removal of NPAPI support would result in Firefox not supporting any Flash content on the Internet anymore.

Chrome on the other hand does not support any other NPAPI plugin which means for instance that you cannot run JAVA or Silverlight content in the browser anymore.

Firefox and DRM

Mozilla has been in a precarious position in regards to DRM functionality in Firefox. It had the option to integrate DRM playback capabilities to Firefox, which would please users who use services like Netflix on the browser but displease users who don't want DRM capabilities in the browser, or don't support DRM which would force users who want to use services that require them for streaming to switch to another browser for that but please users who oppose DRM in any form.

Mozilla added Adobe Primetime Content Decryption Module (CDM) in Firefox 38 to support DRM HTML5 streams.

Firefox users may have noticed that Primetime is listed as a plugin in the browser by default, and that there is also a OpenH264 Video Codec provided by Cisco for the same purpose. If you have not, type about:addons in the browser and switch to plugins when the page has loaded.

These plugins are set to "always activate", and the only other option you have is to set them to "never activate". The option "ask to activate" is not available.

Firefox users can disable the DRM on about:config as outlined in the linked article above. This removes the plugins from Firefox.

It is very likely that Widevine will get its own "turn off" switch once it is made available. Also, Mozilla maintains a special version of Firefox that is DRM free.

Update: Mozilla plans to remove support for Adobe Primetime in Firefox 52. This leaves Google Widevine CDM as the content decryption module the browser supports.

Google Widevine CDM


Mozilla announced a couple of days ago that it plans to bring another content decryption module to Firefox. The organization will push Google's Widevine CDM to Firefox Nightly soon which will add support for HTML5 video content that requires DRM to Firefox to add support for sites that rely on Widevine for that.

According to Mozilla, it is an alternative for "streaming services that currently rely on Silverlight for playback of DRM-protected video content".

The plugin will only be made available to Windows and Mac versions of Firefox, and it will only be downloaded to the browser when a user visits a site that requires it.

Update: Google Widevine is also available for Linux versions of Firefox since version 49.

The integration ensures that Firefox covers both Flash and Silverlight DRM on the Internet after the termination of support for NPAPI support.

The end of NPAPI

Up until now, Mozilla stated that support for NPAPI would end at the end of 2016 but did not reveal exactly when it would happen.

A post on in February revealed updated plans. According to the information posted there, Mozilla plans to remove NPAPI support in Firefox 53 which will be out in March 2017.

The next Firefox ESR (Extended Support Release) version is 52 and will receive security updates for a year. By removing NPAPI in Firefox 53, the release *after* the ESR, users that need NPAPI support can continue to switch to Firefox ESR 52 and keep using NPAPI plugins until May 2018.

The main reason why Firefox 53 is picked is that Firefox 52 is a new ESR release. This means that anyone on ESR will be able to use NPAPI plugins until that version is no longer used and that is not before May 2018.


Check out our release schedule for Firefox for exact dates (added when they become available).

  • Firefox 52: new ESR version
  • Firefox 53: NPAPI support is dropped in Firefox.
  • Firefox 60: new ESR version without NPAPI support
  • Firefox 60.2 ESR: The old Firefox 53 ESR version is no longer supported. The end of NPAPI in Firefox.

As is the case with future releases, things may change along the way. We will update the article should this happen. (Thanks Sören)

Firefox, DRM, and the end of NPAPI
Article Name
Firefox, DRM, and the end of NPAPI
The article provides you with information on the definitive end of NPAPI support in Firefox, and the integration of DRM in the browser.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. kalmly said on April 13, 2016 at 3:12 pm

    No more Pandora? No more Radio Tunes? No more games?

    I’ve had Flash set to Ask To Activate on both FF and Pale Moon. I stopped using Pale Moon when I couldn’t get that option to work anymore. Ask to Activate appeared to be available, but it wasn’t working, so it was either all on or all off.

    1. daz said on May 31, 2016 at 5:25 pm

      On pale moon it depends which theme you are using.try a different theme and see if that works as i noticed the same.

  2. q. said on April 12, 2016 at 8:40 pm

    A curious side note:

    The EME-free editons of the various versions, are the only ones for which Mozilla does not provide hash values in the releases archive.

    [It is always a good idea to check to insure a corruption free and true dl. Given that Mozilla has given the nod to apparent security by moving to SHA512 hashes only, it would be an even better idea from a security viewpoint, if the hashes were posted on a page and/or site other than the files (see recent Linux Mint breach).]

  3. Roman Podolyan said on April 12, 2016 at 7:57 pm

    Being not agree with Mozilla add-ons signing policy, I switched to ESR channel months ago.

    As for DRM plugins, I disabled them. Nothing I really need needs DRM and nothing what needs DRM I really need.

  4. Anonymous said on April 11, 2016 at 11:50 pm

    Hulu still does not work without Flash.

  5. Vrai said on April 11, 2016 at 8:15 pm

    I wonder if using the ‘Lynx’ or the ‘Links’ text based web browser will protect my data and privacy?

    I’ve actually played with the ‘Lynx’ browser for a while and it was rather interesting and fun. :)

  6. NO NAME SORRY said on April 11, 2016 at 4:23 pm

    Fuck cisco !!!
    fuck the control of private life !!!

    shall we make an open source flash player ?!

    1. svim said on April 11, 2016 at 8:32 pm

      Easier said than done. Flash itself is a licensed, proprietary technology, well protected by patents. Creating an Open Source alternative that’s a direct replacement isn’t a simple endeavor. It’s not just a matter of writing a bunch of code, the financial resources required just for negotiating the legal maze of valid stumbling blocks and groundless patent trolling will be a very significant factor.

  7. Dave said on April 11, 2016 at 10:38 am

    The DRM elements should be System Add-ons

    1. Sören Hentzschel said on April 11, 2016 at 7:47 pm

      Mozilla compromised their free/freedom policies because of the support of the web standard (!) Encrypted Media Extensions? That’s… interesting. Mozilla has to support important web standards. There are only two options. The other option is that Firefox is the only browser without support and is unusable for a lot of people.

      And yes, I am glad that I can use Firefox to watch Netflix and similar services. It doesn’t matter that there is still Silverlight because Silverlight won’t be supported soon. I am a Firefox Nightly user so I am affected by the end of this year. And it’s great to see NPAPI plugins die!

      1. Sören Hentzschel said on April 13, 2016 at 8:19 pm

        The “DRM element” is the CDM. And the user has at least a bit control about Gecko Media Plugins like CDMs in the add-on manager. WebExtensions are invisible for the user.

        And the implementation doesn’t matter. Either Firefox does supprt EME or Firefox does not support EME. That are the two options.

      2. Dave said on April 13, 2016 at 6:05 pm

        No, the other option is a System Add-On. How is this confusing for you? Bundling the DRM elements into a System Add-On doesn’t affect anything you would notice; and it will surely happen, regardless of what you think or if you understand, so that’s fine.

    2. Sören Hentzschel said on April 11, 2016 at 11:31 am

      Where do you see the difference for the user between a system add-on and a Gecko Media Plugin? Both are “extensions”.

      1. Dave said on April 11, 2016 at 2:26 pm

        The wrapper is currently built into the trunk code, which means Mozilla compromised their free/freedom polices. It’s a huge difference, covered on gHacks in detail the past. There’s really no reason now not to make the propriety elements into System Add-ons and I am confident that Mozilla will do so by the time they remove NPAPI support.

  8. Pants said on April 11, 2016 at 9:36 am

    Just to clarify, AFAIK: the plugins mentioned are classed as GMP (gecko media plugins). The OpenH264 Cisco codec is open source, has no DRM, and is currently only used in WebRTC.

    this disables ALL GMPs. You don’t even need to restart, but you may need to refresh your plugins page
    user_pref(“media.gmp-provider.enabled”, false);

    this disables ALL DRM (currently only adobe)
    user_pref(“media.eme.enabled”, false); // Options>Content>Play DRM Content

    this pref is for always activate (true) and never activate (false) for the Cisco OpenH264 codec (which is not DRM but is a GMP)
    user_pref(“media.gmp-gmpopenh264.enabled”, false);

    this pref is for always activate (true) and never activate (false) for the Adobe EME DRM CDM
    EME (Encypted Media Extension) DRM (Digital Rights Managament) CDM (Content Decryption Module)
    user_pref(“media.gmp-eme-adobe.enabled”, false);

    disable auto-play of HTML5 media – i guess it’s similar to click-to-play. This is probably the best solution for “ask to activate” not being available as an option on the plugin page
    user_pref(“media.autoplay.enabled”, false);

    1. Tom Hawack said on April 11, 2016 at 3:02 pm

      Clear enough. This has been done here together with other settings you made available here at

      Take care of your privacy, no one is better entitled to do so than yourself.

  9. gh said on April 11, 2016 at 9:36 am

    Testing firefox 45.0.1 here, OpenH264 plugin was preinstalled. Contrary to what I read in the article, 3 options (not 2) are available: always / ask / never. I’ve chosen “never” ff is still able to display youtube videos… however, youtube isn’t offering HD quality option.

    I don’t know whether HD quality is unavailable due to absence of flash plugin, or because I’ve disabled OpenH264

    Where can I find a site that depends on, and triggers auto-installation of “Primetime CDM” plugin?
    Curious (and worried) to find out whether its silent installation will create an “evercookie” (in prefs? in a sqlite table?) which will remain even after the plugin is subsequently disabled.

    1. Pants said on April 11, 2016 at 10:52 am

      “Contrary to what I read in the article, 3 options (not 2) are available: always / ask / never.”
      ^^ Have you tired to select “ask to activate”? It’s impossible.

      OpenH264 has nothing to do with Youtube and HTML5 videos. It’s simply the codec they bundled for use with WebRTC. I have all current GMPs disabled (the whole two of them) and I can still run everything on youtube – – 7 out of 7 ticks. Not sure about your HD content problem.

      1. gh said on April 11, 2016 at 7:16 pm

        Thanks. You’re right — the displayed ‘ask to activate’ is, in fact, grayed out and cannot be selected.

  10. Travis said on April 11, 2016 at 9:28 am

    What’s missing from this article is how Mozilla intends to maintain Flash support after removal of NPAPI? Adopt Chrome’s PPAPI interface? If they’re removing NPAPI altogether I’m guessing white-listing Flash will not be an option.

    1. Sören Hentzschel said on April 11, 2016 at 10:35 am

      Mozilla’s last statement regarding Flash was to make a exception for Flash to support it longer than the other NPAPI plugins. I don’t know if this is still the current plan. But Mozilla won’t support PPAPI.

      1. mikef90000 said on January 19, 2017 at 10:12 pm

        Have you tried this PPAPI wrapper? I have not tried it yet.

        FWIW Adobe Labs is updating the Flash player for Linux, both NPAPI and PPAPI and 32/64 bit.

    2. Martin Brinkmann said on April 11, 2016 at 10:32 am

      There won’t be any Flash support in Firefox when NPAPI is dropped. Shumway, Mozilla’s Flash replacement, never made it to a production release.

      1. Travis said on April 11, 2016 at 3:31 pm

        By Firefox 53? Extremely improbable. That would mean breaking ten of thousands of websites. It won’t happen.

  11. Rick said on April 11, 2016 at 8:37 am

    Since Mozilla does not have an agreement with Adobe to do the same, it is at a significant disadvantage as the removal of NPAPI support would result in Firefox not supporting any Flash content on the Internet anymore.

    Really? What site has actual flash content that isn’t ad related? Even ads have moved from flash. All well-visited sites have ditched flash long ago. Streaming has been, as you have said, moved to html5.

    1. Gabriel said on June 28, 2016 at 3:53 pm

      google chrome does suppport plugins!!!(PPAPI) butt the ppapi version of adobe shockwave flash is bundled with chrome.

    2. Roman Podolyan said on April 12, 2016 at 7:53 pm

      > What site has actual flash content that isn’t ad related?

      Graphs plotting. I met Flash-based graphs of currency exchange rate on several sites dedicated to that matter.

    3. Uhtred said on April 11, 2016 at 12:58 pm

      BBC iplayer for one

      1. dave said on April 14, 2016 at 9:18 am
        Reply you can opt-in to html5 for bbc iplayer.

      2. Jason said on April 11, 2016 at 6:42 pm

        “I don’t understand big companies’ policy in this regard.”

        The usual things: money and effort. They don’t want to fund the switch to new technologies as long as they can get away with using the old ones. You’re right that Flash is garbage at this point. I don’t even have it on my system anymore (shock! horror!). :)

      3. Tom Hawack said on April 11, 2016 at 3:11 pm

        France Televisions has many sites and yet all videos require Adobe’s Flash, which is a shame when we all know 1- that Flash is on the road to hell and 2- HTML5 is available, is the future. I don’t understand big companies’ policy in this regard. I do know that Flash is excellently talkative of its users configurations (unless editing Flash’s mms.cfg file) and that could explain at least partially companies’ stubbornness to stick to Flash like a vampire to a throat. Insane.

    4. Martin Brinkmann said on April 11, 2016 at 8:55 am

      There is more to Flash than ads, games for one.

      1. JR said on April 12, 2016 at 5:01 am

        Nothing of value. Including games. Ditch flash NOW. Only ones using it are enterprise/business only applications. This is a good thing. The faster we can ditch this age-old garbage un-secure tech the better.

      2. Froyton said on April 11, 2016 at 4:06 pm

        > And nothing of value will be lost.

        Games have no value? Not sure I agree with that one.

      3. Allahu Akbar said on April 11, 2016 at 11:34 am

        >games for one.

        And nothing of value will be lost.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.