back to article Firefox's plugin-blocker slams into beta - but don't jump for joy, Flash haters

With its latest beta release, the Mozilla Foundation has taken a step further toward making click-to-run the default behavior for all plugins in Firefox. "Outdated plugins are a big source of security vulnerabilities so this feature will ensure users are safe and Firefox runs smoothly," the Firefox team said in a blog post on …


This topic is closed for new posts.
  1. Graham Marsden

    "Adobe's Flash Player plugin...

    "...which Mozilla has determined is used by too many websites to fall under the manual activation requirement."

    Really? Hmm, yes it's *so* difficult using FlashBlock...

    1. Anonymous Coward
      Anonymous Coward

      Re: "Adobe's Flash Player plugin...

      Dude... did you just stop reading at that point, or did Flash crash your browser?

      "But Firefox users will only be able to dodge the click-to-run warning if the version of the Flash plugin they have installed is the latest one."

  2. This post has been deleted by its author

  3. Dr Trevor Marshall

    FLASHblock also blocks the FLASH advertisements

    I bet that is why Mozilla don't want to 'protect' us from FLASH. Can't upset the advertisers. Oh well, as long as Flashblock continues to work as a plugin...

    1. Greg J Preece

      Re: FLASHblock also blocks the FLASH advertisements

      Riiight, because Mozilla have a track record of giving a toss what advertisers think. They partly created the proposed Do Not Track header, have had click-to-run for outdated Flash versions for a long time, opposed DRM in web standards, etc, etc. I think you're thinking of Chrome.

      1. Tom Chiverton 1

        Re: FLASHblock also blocks the FLASH advertisements

        How come you can't disable images any more then ?

  4. Anonymous Coward

    if you want to be that bugzilla thread

    If you read it from the top, you'll see that the originator wanted to prevent java from running in Firefox because of its rather glorious bug history. Of course the originator didn't stop to think about the glorious bug history of Microsoft Windows (or any other O/S) and after a couple hundred comments sanity (or what seems to pass as sanity) returned, they decided that preventing a large part of the corporate world from working was not a really good idea.

    Read it for yourself, and if you disagree with me, well, that's not necessarily a bad thing.

  5. JP19

    The one exception

    Why the hell should there be any exception?

    In 24.0 my installed plugins offer "Always Activate", and "Never Activate", or "Ask to activate" if the plugin is considered vulnerable.

    I want "Ask to activate" if the plugin is considered a pain in the ass - and that is my consideration not theirs.

  6. DF118

    And yet...

    Years down the line they still haven't gotten their 'automatic plugin download' thing to work properly when Firefox wants you to install/update Flash.

    1. Tom 7 Silver badge

      Re: And yet...

      Thank fuck for that!

  7. ForthIsNotDead

    How will it work in practice?

    I use a number of plugins, such as flagfox, which displays the flag of the country in which the server I am connecting to is displayed (if it's a USA flag just close the tab - ha ha!).

    I also use Ghostery. Will I have to explicitly give permission for my plugins to run with each page I load? Surely not?? Curious about this...

    1. Tony Green

      Re: How will it work in practice?

      These are EXTENSIONS, not PLUGINS.

      Big difference.

  8. Mystic Megabyte


    Instead of the usual "You needs to install a plug-in to see this content - Install?". Will this actually tell me *what* plug-in? I hate useless uninformative messages.

  9. DropBear


    This will merely be perceived as another "auto-next" thingie to click on by most users. Their first question will be whether it can be disabled and how. I really wonder when will IT-types finally get it that requiring the users to perpetually keep clicking just to get stuff to work normally only ever trains them to do just that, while continually reenforcing the perception that it's all totally useless since nothing bad ever follows (until it does...).

    I get it the computer can't decide these things automatically for you. Boffins need to get it that the vast majority of users (myself included) can't / won't do that either. UAC much, Mozilla...?

    1. Anonymous Coward
      Anonymous Coward

      Re: Useless

      In part I agree.

      From what i can see it blocks all content, even up to date, except flash.

      So wht not a happy medium, block it and say "this content is running on out of date software, click here to....Upgrade, Block, Allow"

      Then when it up to date, it doesn't block it, or says "Allow this time / Always alllow if up to date"

      1. Immenseness

        Re: Useless

        Happy medium? You'll be suggesting they apply common sense next! :-)

    2. Intractable Potsherd Silver badge

      Re: Useless

      Whilst I have several blockers running, my wife has trouble with just No-Script. She runs out of patience really quickly, and then fires up another browser (I caught her browsing the university server on IE the other day, ffs!) If Mozilla take the route they propose, they are certainly going to show that FF is more secure, but only because users like Mrs P will abandon it because of the nag-boxes.

      I don't know what the answer is, but it isn't this.

  10. Dave K Silver badge

    Flash for ads...

    I'm still amazed that so many ads run via Flash wheny you consider that this effectively auto-blocks them from mobile phone/tablet browsers. Not that I'm complaining about the relatively ad-free experience I automatically get on my phone of course!

  11. S4qFBxkFFg

    Now that Java's been sorted, is there any way to turn off C/C++ in Firefox?

  12. Hans 1 Silver badge

    This is why Firefox sucks

    Why can it not download the latest version of the plugin automatically and install it for me, this used to work in Mozilla 1.7, iirc .... nooooo, lets moan at the user, train him/her to simply click "Allow" and move on .... how hard can it be to download the flash plugin and put it into ~/.mozilla/plugins ? Should be just as easy for Java except on Windows as you do want to install the trojan with careful reading as you want to avoid the piece of crap it tries to force down your throat, I think it was "ask" toolbar last time I tried.

    And the "we'll just disable all Java" fiasco really was brain-dead - the guy who took that call should be hanged.

    I already got two popups for Java plugin, one from Firefox and one from the Java plugin - no I do not want to disable either because it is actually pretty handy for testing purposes, which may be why they do that in the first place ... devs != users.

    Could they not just have a Firefox setting: "I know what I am doing so cut the crap" hidden deep down in about:config.

    The other thing with browsers that drives me nuts, well on Windows at least, is the toolbar/search provider hijacking bullshit. How hard can it be to just have a button like chrome does to reset everything to default? I mean, shit, I hate having to go through "about:config" all the bloody time - is there some easier way ? In 99.99% of cases, you choose your search provider the first 5 minutes you use the program if it is not the default one (google).

    Man, the other day I had a Windows laptop for repair that had a total of 11 toolbars ... can you imagine on a 15" screen ? Not much real-estate to navigate the intertubes. Note that I have to wander through the registry to fix some of this shit ... I used to use Ad-Aware, but since the scammers/spammers bought it, I do all by hand. I use VBS and cmd.exe to find root kits (Simply have them both print out the directory structure of drive c:, then you diff the files).

  13. Rushyo

    "a decision that was eventually rescinded amid widespread uproar from the Java-using community."

    The block was reverted because there was a UI issue:

    "[...] we should revert this block (the R45 block) until we can make that experience work correctly." edge-cases, where the CtP interface wasn't being displayed. See comments #65 and #80 on the Bugzilla.

    I realise it sounds less sexy in a news article, but a revert from a code branch does not mean a feature has been dropped because 'omg rabble rabble'.

  14. Harry

    Blockers, yes please.

    If installing the latest version no longer activates the blocker, then that is equivalent to semi-permanently "allowing" the content -- though in addition to "allow once" there should probably be an "ignore" setting for users who may have a good reason for wanting to keep an earlier version.

    Personally I run with flashblock and except for a few sites that are permanently allowed I rarely need to look at flash content on web sites. There are exceptions, but flash is often a distraction that contributes nothing essential to the site. Mostly I'm there to read the words, not to look at the pictures. And in any case, that unwanted content is possibly taking more from my monthly bandwidth allowance than the page content, so its better if it can be blocked unless I *choose* to enable it.

    What we now want -- well, what *I* want anyway, but I'm sure I'm not alone -- is a flashblock-like blocker for those nauseus, distracting and pointless slideshows and animations that are on many web sites. They are just as irritating as flash, but are now implemented by other means and they equally need blocking.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020