By default, Firefox will load content based on all three plugins only after users click an icon that explicitly permits it. This feature, known as click to play, was introduced late last year. Until now, it disabled out-of-date plugins to prevent hack attacks and browser crashing. Sometime soon, it will begin blocking all plugins except for the most recent version of Adobe Flash.
"One of the most common vectors against users is drive by exploitation of vulnerable plugins," Michael Coates, Mozilla's director of security assurance, wrote in a blog post announcing the change. He was referring to website attacks that surreptitiously install malware on end-user computers by targeting security bugs in the browser components that process Java- and Flash-based content. "The click to play feature protects users in these scenarios," he added.
Over the past year, plugins for Oracle's Java software framework have emerged as one of the chief targets for drive-by attacks, with Adobe's Flash Player also being a popular target. While click-to-play won't affect the most recent version of Flash, older releases will also be blocked unless users explicitly permit it.
No comments:
Post a Comment