Firefox/Mozilla has announced they will be making some changes in hopes to prevent crashes and to improve security.
Some of the plug-ins being blocked include: Microsoft Silverlight, Adobe Reader, Apple’s QuickTime and Oracle’s Java. The only plug-in that will run is the newest version of Adobe’s Systems’ Flash Player.
The reason? Plug-ins extend a browser’s ability to run software or handle different media and file formats, but that extra ability opens new avenues for attack.
Firefox will disable the execution of non-Flash plug-ins by default with a feature called Click to Play that lets people run each plug-in on a particular web page if they choose.
Click to Play can be configured to override Mozilla’s defaults, letting people set it to always or never run a particular plug-in.
Third-party plug-ins are the number one cause for crashes in Firefox and can severely degrade a user’s experience on the web. This is often seen in pauses while plug-ins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes.
A user with an outdated or vulnerable plug-in installed in their browser can be infected with malware simply by browsing to any site that contains a plug-in exploit kit. Plug-in exploit kits can be present on both malicious web sites but also on completely legitimate web sites that have been compromised and are unknowingly infecting visitors with malware.
To learn more about the Click to Play option offered by Mozilla: More information
To learn how to disable plug-ins on your browser: