Last week, Mozilla announced it will prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight, but refused to detail how the system will work. Finally today Firefox 17 is now in beta and with it is a very cool feature, click-to-play plugins.
When a user lands on a site that requires the use of a plugin, say Adobe Flash, if the version running in the user's browser is on the list of known vulnerable applications, Mozilla will disable it and show the user a message saying that she needs to update the plugin.
"By combining the safety of the blocklist with the flexibility of click-to-play, we now have an even more effective method of dealing with vulnerable or out-of-date plugins." Mozilla wrote on blog. Mozilla is still working on implementing the controls, which would allow you to block all plugins by default and then pick where you want them to run.
As already mentioned, this feature will be enabled by default in Firefox 17. There is, however, an about:config preference "plugins.click_to_play" that can be set to true to enable click-to-play for all plugins, not just out-of-date ones. Mozilla says it is still developing this part.
The main motivation behind this plugin is to prevent users' systems against drive-by attacks that target vulnerable plugins.
Subscribe to our Daily News-letter via email - Be First to know about Security and Hackers.