Last week Mozilla revealed that it will be prompting Firefox users about the outdated version of browser plugins on their systems. Mozilla said that old versions of Silverlight, Adobe Reader and Adobe Flash for Windows will be covered under this feature but, didn’t reveal any details on how this will actually work.
Mozilla has just took the wraps off its click-to-play plugins (don’t load plugins until they’re clicked) and blocklisting features (a list of addons and plugins that are disabled) detailing the capabilities of the option and how it tends to provide Firefox users with increased level of security. Through the combination of the aforementioned features, Mozilla will give users information about outdated vulnerable plugins allowing users to make an informed decision about which plugins to activate without updating and which to update and then load.
“By combining the safety of the blocklist with the flexibility of click-to-play, we now have an even more effective method of dealing with vulnerable or out-of-date plugins”, notes Mozilla on its security blog.
The main motivation behind this plugin is to prevent users’ systems against drive-by attacks that target vulnerable plugins. Some of the ways such attacks are carried out include trying to get gullible users to click on a video link that actually is not a video or by hiding exploit for a vulnerable plugin in ads on a legitimate website. The feature will be implemented in Firefox 17 by default.