Mozilla to tweak Firefox plugin permissions for added security
MANILA, Philippines - In an effort to improve security on its Firefox web browser, Mozilla plans to change how people load third-party plugins such as Java and Silverlight.
Older versions of Firefox used to load the plugins requested by a website automatically. A tweak to their Click to Play system will change how Firefox works.
With the change in place, users have the option to allow browser plugins to run before a web page loads.
Mozilla touts this as a feature that will enhance user control and improve the browser's stability and performance. It will also increase the security on the browser, which is its prime aim.
Mozilla explains that in most browser attacks hackers exploit vulnerabilities in plugins. Users "with outdated or vulnerable plugins installed in their browser can be infected with malware simply by browsing to any site that contains a plugin exploit kit."
Plugin exploit kits exist on both malicious websites and compromised legitimate websites. With these exploit kits, the plugin can be used by the exploit kit to install malware even when there's no legitimate need for the plugin to be used. Because it disables plugins from loading on websites, Click to Play keeps malware installation scenarios from happening.
Mozilla wants to "enable Click to Play for all versions of all plugins except the current version of Flash." Currently it is only enabled for plugins that "pose significant security or stability risks" to users including outdated versions of Microsoft Silverlight, Adobe Reader, and Java. - Rappler.com