The Hacker News Logo
Subscribe to Newsletter

Firefox to block all plugins by Default in upcoming release, except Whitelist plugins

Mozilla to Block all Plugins by Default in upcoming release, except Whitelist Plugins
The Mozilla Firefox web browser is used by roughly 30% of all Internet users and the company is seriously concerned about the Security of its users for many years.

To Improve the Stability, Security and performance of Firefox web browser, Mozilla announced back in 2013 that it planned to enable ‘Click to Play’ feature in upcoming Firefox versions, which will block most vulnerable plugins like Java by default.

Plugins are a significant source of poor performance, crashes and security vulnerabilities”, Mozilla said.

The Feature 'Click to play' blocks the execution of all plugins automatically, though this feature was annoying to the users, so to prevent all plugins from default blocking, Mozilla announced to maintain a whitelist of approved plugins.
"By allowing users to decide which sites need to use plugins, Firefox will help protect them and keep their browser running smoothly." ~Benjamin Smedberg, Engineering Manager.
Plugin authors can apply for inclusion in a whitelist. The developer has to submit their plugins using a template to Bugzilla and the application submitted till 31st March, 2014 will be reviewed by the Mozilla.

The Firefox web browser will only start blocking by default, no sooner than Firefox 30. If accepted, the plugin will be whitelisted for next 4 Firefox releases i.e. 30 weeks (6 weeks in beta version and 24 weeks in the general release channel), with the possibility to apply for a further extension later.

'Adobe Flash' is included in the whitelist by Mozilla, 'security and plugin teams work closely with Adobe to make sure that Firefox users are protected from instability or security issues in the Flash plugin', the company said; However, 'Java' plugin is excluded from the whitelist because of its continues security problems and slow performance.

Most widely used web browser Google Chrome is also working in this direction and last January it has blocked all NPAPI plugins except Silverlight, Unity, Google Earth, and Facebook Video.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.