NEWS - January 30, 2013
by Carol~ - 1/30/13 3:12 PM
Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins
After pushing its "click-to-play" blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser.
The company is planning to make it so only the most recent version of Flash is automatically run on web pages while users will have to verify if they want to view content on pages that uses plug-ins such as Silverlight, Java and Acrobat Reader.
Specifically, to protect its users, Mozilla plans to block versions of Flash older than 10.2 and the most recent versions of Silverlight, Java and Reader. Users will have to "click-to-play" to allow these plugins to work in their browser and from there, decide if they want them to run regularly.
Click-to-play operates as a blacklist of sorts for Firefox plugins. If a plug-in such as Java is either vulnerable or out of date, Firefox will disable it and require the user to verify whether they'd like to run it. When it comes to certain plug-ins, users can elect to always run them, run them on a page-by-page basis or never run them.
According to a post by Mozilla's Director of Security Assurance Michael Coates on the company's Security Blog yesterday, the change - which has no official timeline - is being done to get users more conscious exactly what's running on their machines.
Continued : https://threatpost.com/en_us/blogs/firefox-continues-curb-out-date-flawed-third-party-plug-ins-013013
Mozilla pulling plug on auto-running nearly all plugins
Firefox will block by default nearly all plugins
Mozilla to Require 'Click to Play' on Firefox Plugins