• Warning: Illegal string offset 'name' in fierce_js_init() (line 6 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/custom/fierce_js/fierce_js.module).
  • Warning: Illegal string offset 'url' in fierce_plugins_site_footer_content_type_render() (line 151 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/site_footer/site_footer.inc).
  • Warning: Illegal string offset 'signup_url_footer' in fierce_plugins_site_footer_content_type_render() (line 152 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/site_footer/site_footer.inc).
  • Warning: Illegal string offset 'contact_url' in fierce_plugins_site_footer_content_type_render() (line 155 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/site_footer/site_footer.inc).
  • Warning: Illegal string offset 'mobile' in fierce_plugins_site_footer_content_type_render() (line 156 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/site_footer/site_footer.inc).
  • Warning: Illegal string offset 'url' in fierce_plugins_site_footer_content_type_render() (line 157 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/site_footer/site_footer.inc).
  • Warning: Illegal string offset 'url' in fierce_plugins_site_footer_content_type_render() (line 159 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/site_footer/site_footer.inc).
  • Warning: Illegal string offset 'jazd' in fierce_plugins_jazd_hottest_products_content_type_render() (line 32 of /mnt/www/html/fiercemarkets/docroot/sites/all/modules/fierce_plugins/plugins/content_types/jazd_hottest_products/jazd_hottest_products.inc).

Firefox to default all plug-ins to Click to Play--with exception of Flash

Tools

To tackle the problem of drive-by download attacks, Mozilla earlier this week announced a complete change in how the Firefox browser will deal with third-party plug-ins. In a nutshell, Mozilla plans to enable this feature for all versions of plug-ins, with the exception of the latest version of Flash.

This means that Firefox will block plug-ins, such as Java and Silverlight, by default, loading them only when users click to load a particular plug-in. This is a reversal from the previous situation where Firefox would automatically load any plug-in requested by a website.

The move offers significant security benefits given that one of the most common attack vectors is drive-by downloads designed to target vulnerable plug-ins. The move is expected the result in increased performance and stability too, by eliminating the pauses, crashes and other consequences of downloading unwanted plug-ins.

Mozilla's director of security assurance, Michael Coates elaborated: "Poorly designed third party plug-ins are the number one cause of crashes in Firefox and can severely degrade a user's experience on the web. This is often seen in pauses while plug-ins are loaded and unloaded, high memory usage while browsing and many unexpected crashes of Firefox."

At the moment, Click to Play has already been enabled for many plug-ins, including vulnerable and outdated versions of Silverlight, Adobe (NASDAQ: ADBE) Reader, and Java. The eventual plan is to enable Click to Play for all versions of all plug-ins, except the current version of Flash, Coates says.

For more:
- check out this article at ZDNet

Related Articles:
Firefox 18 beta released with faster JavaScript engine, Retina support
Mozilla: Firefox may have lost 9M downloads over Microsoft glitch