This week, Firefox 3.6.4 was released with out-of-process plugin support. This means that when plugins crash, it doesn’t take the browser with them.
But please remember: it’s still important to keep your plugins up-to-date. Out-of-date plugins can be a security risk.
In a previous blog, I talked about the blocklist service in Firefox and its role in keeping users informed and up-to-date with regards to plugins. It looks something like this:
As a follow-up to that post, I walked through the update process for Firefox. Here were my testing steps:
- Edit my blocklist.xml files and preferences to blocklist the Flash filename on each platform.
- Restart Firefox
- Visit YouTube (or any page with Flash on it)
- Follow the on-screen prompts until you reach our goal: a browser running an up-to-date version of Flash
Adobe and Mozilla both need to make this process easier for users. In summary, this is how it went:
- Windows: 9 steps, 2 unnecessary software downloads from Adobe
- Mac: 15 steps
- Linux: 6 steps, high likelihood of failure or conflict with package manager
Safe to say that there are many ways we can improve this process:
- Show specific warnings about which plugins are out of date
- Don’t have an intermediate step on the plugin checker
- Do not have the McAfee opt-out on the Flash download page
- Do not force people to download the XPI (Firefox could use an external installer + hash check like it does with PFS)
- Eliminate any steps you can — get it down to a one-click experience if possible
Protecting users from plugin crashes is a great thing, and I’m looking forward to seeing the plugin update experience becoming just as awesome.