To help protect users from outdated, compromised third-party plugins like Adobe Flash, Microsoft Silverlight and Java, Firefox will stop automatically loading third-party plugins.
The only exception is the current Adobe Flash plugin.
Provided you’ve been keeping the Flash plugin updated, you may not even notice the change. But if you’re running an older, vulnerable version, video on sites like YouTube will no longer automatically load movies. Instead you’ll soon see a gray box and notice warning you that your plugin is out of date.
Michael Coates, Mozilla’s Director of Security Assurance, cites crashes as the main motivation for the change. “Poorly designed third-party plugins are the number one cause of crashes in Firefox,” writes Coates on the Firefox blog. “By only activating plugins that the user desires to load, we’re helping eliminate pauses, crashes and other consequences of unwanted plugins.”
Third-party plugins are also a notoriously popular way to deliver viruses and other malware.
Of course the click-to-play option can’t protect you from yourself – all you need to do to make the plugin in question run is click on the grayed out box and everything will work as usual. There’s also a new plugin icon in the URL bar; click it and a menu will show you which plugins on the page are disabled. Click “activate” to enable them, though obviously it’s a better idea to update Flash to the latest version.
One of the most common uses of Flash on the web these days is to deliver video to web browsers that don’t support the popular H.264 codec. When Firefox’s native support for H.264 video and MP3 audio arrives later this year, most Firefox users will likely have considerably less need for the Flash plugin.