Click-to-play plugin blocks coming in Firefox 17

30

Firefox 17, coming out today on Beta, introduces a new solution for dealing with vulnerable or outdated plugins. Plugins that are blocked with the click-to-play flag will not load by default, but can be easily activated by users. This gives us a more user-friendly way to warn about plugins that should be updated, that give users better control over their browsing experience.

The large scale plugin update notification we deployed last week used the old update notification mechanism for Firefox 16 and below, and the new click-to-play mechanism for Firefox 17 and above. If you have old versions of Flash, Adobe Reader or Silverlight and you’re on 17, you will see the click-to-play block next time you visit a page that uses one of these plugins.

For more information see this post in the Security Blog.

Tags: , , ,

Categories: end users, general

30 responses

  1. lba

    are “search” add-ons (xml files) automatically updated? or must users update them manually?

    1. Jorge Villalobos Author

      They must be updated manually. They are rarely updated, though, given how simple they are.

  2. Aris

    Fx17 plugin changes seem to have a negative effect on HD trailers on “Apple movie trailers” site ( http://trailers.apple.com/ ) and maybe others. While HD trailers can be downloaded using Fx 16 (and older), nothing happens when on Fx 17 beta (1/2).

  3. John

    This is a real problem at companies that have administrator locked down… the end users cannot update plugins like Shockwave. I’m finding problems with it, where clicking to let it run doesn’t work. (Nightly 19.0a1 (2012-11-01) )

    1. rpr

      I second that.

      1. ceres

        yes it keeps req. that i up date,making me nuts .

  4. Roger Watson

    I seem to be having problems with you tube as now a click to play button appears and then an error message comes up. Perhaps it could be this new ‘click to play’ update?

    1. Jorge Villalobos Author

      If you are using Firefox 17 or later, and an old version of the Flash Player plugin, then yes, that’s what’s happening.

  5. Sandra

    I very much like the click to play extension so Flash doesn’t start before I want it to =)

    Is it possible to enable click to play for also updated plugins?

    1. Jorge Villalobos Author

      We will probably move to click-to-play by default in the future, but it isn’t ready now. You can use the Flashblock add-on to get a similar experience.

      1. Byron

        Flashblock add-on is needed? I thought there was a pref, something like plugins.click_to_play = true.

        1. Jorge Villalobos Author

          There is a preference, but I wouldn’t recommend changing it. There is still work to be done before click-to-play is ready to be fully activated.

  6. Torkel

    “We will probably move to click-to-play by default in the future”

    I really hope you do! It is a more sane default. And it will make pages using Flash for advertisement load a lot faster and use less memory — making Firefox even more secure and fast.

  7. beerbt1

    Additional FoxTab how to enable click-to-play next? Firefox window, click the extension icon to allow, but do not respond, it can not be activated Additional FoxTab

  8. beerbt1

    How do I enable the plugin FoxTab

  9. dreamer

    I guess this is most relevant for linux, which has been dropped from adobe’s radar.

    Does silverlight also mean moonlight? since that is obviously lagging in its implementation.

    1. Jorge Villalobos Author

      We have only blocked Silverlight for Windows, and once for Mac OS.

  10. Thrawn

    @Jorge: Flashblock may give a similar user experience to click-to-play, but it’s not reliable; pages have ways to work around it. You should not rely on FlashBlock for security purposes.

    Plus, it only applies to Flash.

    A better solution is to use the NoScript addon. Enable Options-Embeddings-’Apply these restrictions to whitelisted sites too’, and then select ‘Scripts Globally Allowed’. You get reliable click-to-play for every kind of plugin – or a configurable subset of them – plus the ability to forbid JavaScript on demand for sites you don’t trust, plus filters for attacks like cross-site scripting and clickjacking. And it integrates with the built-in click-to-play feature, so when you tell NoScript to allow an object, it automatically tells Firefox to allow it.

    FlashBlock is a great idea – but NoScript does a better job.

  11. Charles Burns

    Will the new version of firefox affect Real Player? I like Real Player and use it do download videos. I do not like to change things and then be required to change other things.

  12. DEANNA

    I can no longer watch episodes on abc cbs etc… but i can stil on you tube why is that and why will it not let me on gmail anymore either

  13. Paul R

    With all these updates, my Firefox is becoming less and less stable with each improvement. The only advancement I see that Really works for me is the option to reopen existing windows before the crash.

    When we were at low single digit versions, I could have open dozens of windows for Weeks with No Problem at all, all the pages I frequent I could keep open and and refresh regularly. and ALL the Captchas worked fine – it was heaven. Now with each upgrade it is a mess, I’m leery about upgrading anymore. I’m lucky if I can have open more then 4 windows for a few hours before it locks up and crashes, this is a daily occurrence, god help me if try to get I-Heart radio working, it WILL lock up in minutes. I tried uninstall and reinstall and all that BS, Nothing works.

    Is there there someplace I can go to get the older versions? and forget the updates.

  14. Gloria R.

    I updated to the lastest version of Adobe Flash in ‘Firefox 17′. Verified by Adobe installed and running.
    I re-started browser, but the latest version for Windows XP is still showing up as outdated when I run the Firefox addons check? This has never happened before.

    I uninstalled and re-installed the latest version, but am still getting the update addon message for Adobe Flashplayer? How can this be fixed?

    1. Gloria R.

      After posting this issue, I ran addons check again, and Flashplayer showing updated? But now it shows my Java addons need to be updated. However, when I check Java, I’m already currently using the latest installed Java 7.9 for Windows XP? Why is it showing I need to update it? Do I need to uninstall and re-install the same version?

  15. Matt

    EVERYONE!!!! i recomend using google chrome or something else coz this version of FF sucks balls

  16. John

    Hi, a plug in called “Net Usage” Meter Dose not work with the upgraded firefox, any suggestions
    Just shows a “Parsing error S3″ while trying to connect

  17. Paul R

    It looks like you need to add the option to “undo” recent upgrade.

    I hope this doesn’t post multiple times, but when I hit submit comment, browser crashed 2 times

  18. Kekepania

    I’m reading mostly negative replies in any updates, also there’s an update (17.0.01) that states it will disable some of my Kapersky settings. Doesn’t sound safe enough to download.

  19. They call me Tim

    Add me to this dysfunctional ff family with Ameritrade. It hangs on connecting to dealply for about a minute through the first layer of security and halts completely on the 2nd layer. Someone needs to go back & try again. Switching to chrome so google can track my ever move. Just what I wanted. I’ll check back in a few months to see if it’s been fixed.

  20. blugirl

    I’ve installed the latest version of FireFox & the Click-to-Play add in…but when I went to test it, it’s not blocking Flash videos…nor am I seeing the “lego” looking icon to the left of the address bar. This works at my office…but we’re all running Windows 7. The other office that we’re having problems with is running XP. Could that be why? I checked in about:config & it’s enabled. I’m just not sure where else to check.

    1. Jorge Villalobos Author

      If the about:config preference is set, it should work. However, if that machine is running XP, it might also be running an old version of Firefox. Maybe it’s running a version that doesn’t support click-to-play?