Skip to main content

Mozilla mandates Click-to-Play by default for Firefox plugins

Mozilla announced this week that it will require "Click to Play" for all third-party plugins on Firefox, except the most current version of Flash.

What that means is that whenever you hit a third-party plugin via the Firefox browser, you will - by default - have to grant the browser permission to access it.

"This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins to our users," Mozilla said in a blog post.

In the past, Firefox just loaded any plugin it encountered. Going forward, "Firefox will only load plugins when a user takes the action of clicking to make a particular plugin play or the user has previously configured Click To Play to always run plugins on the particular website," Mozilla said.

If you're concerned about having to constantly click plug-in approvals, Mozilla said users can opt to always run plugins. They can also select to block them all, too. "This change puts the user in control," Mozilla said.

The benefits of enabling Click to Play, Mozilla said, is increased performance and stability, as well as boosted security.

"Poorly designed third party plugins are the number one cause of crashes in Firefox and can severely degrade a user's experience on the Web," Mozilla said. "This is often seen in pauses while plugins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes of Firefox. By only activating plugins that the user desires to load, we're helping eliminate pauses, crashes and other consequences of unwanted plugins."

Meanwhile, scammers commonly exploit vulnerable plugins when plotting cyber attacks. "In this kind of attack, a user with outdated or vulnerable plugins installed in their browser can be infected with malware simply by browsing to any site that contains a plugin exploit kit," Mozilla said. "The Click to Play feature protects users in these scenarios since plugins are not automatically loaded simply by visiting a website."

Mozilla said it plans to implement Click to Play for all plugins except the most recent version of Adobe Flash. The company has already rolled it out for plugins that pose security risks, including outdated versions of Silverlight, Adobe Reader, and Java.

Mozilla will start by adding Click to Play to old versions of Flash, before moving on to the current versions of Silverlight, Adobe Reader, and Java and then all other plugins.