Firefox Blocking Java And Silverlight ‘For Better Security’

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Mozilla looks to prevent attacks exploiting flaws in plug-ins

Mozilla has killed a feature in its Firefox browser that automatically ran plug-ins, such as Java, Silverlight and Flash, to improve security and stability.

The company is fed up with user experience being hampered thanks to problems with plug-ins. Just recently, Java has been plagued with security vulnerabilities, and people have complained about performance issues with Microsoft’s Silverlight.

firefox eating explorer

Firefox fed up

Previously, Firefox ran plug-ins automatically. Now, it is giving users the choice via a new Click to Play feature. Users will be asked to configure Firefox’s Click To Play settings to always run plugins on a particular website, or simply do so manually every time they want to run content.

“Users should have the choice of what software and plugins run on their machine,” wrote Michael Coates, director of security assurance at Mozilla, in a blog post.

“Poorly designed third party plugins are the number one cause of crashes in Firefox and can severely degrade a user’s experience on the Web.

“One of the most common exploitation vectors against users is drive by exploitation of vulnerable plugins.”

The Click to Play feature will block automated running of all plug-ins except for the latest version of Flash. “Click to Play has already been enabled for many plugins that pose significant security or stability risks to our users. This includes vulnerable and outdated versions of Silverlight, Adobe Reader, and Java,” Coates added.

Are you a security expert? Try our quiz!