In the wake of the security debacle Oracle's Java is going through, the folks at Mozilla are stepping up security in Firefox. According to a blog post by Director of Security Assurance at Mozilla, Michael Coates, the next version of the browser will block all plugin content like Flash, Java and Silverlight by default, and users would be given a Click-to-Play option. The new Firefox would expand on the Click-to-Play functionality Mozilla introduced in Firefox 17.
The earlier implementation of the feature only worked on plugins that were deemed outdated, vulnerable or included in a blocklist. The new implementation is set to work on all plugins by default, except for the latest version of Flash.
Click-to-Play lets users choose to load elements on a page. Plugin content on most pages on the web is loaded automatically along with the rest of the page, but users will now be able to click on a certain element when they want it to load.
This also helps in making the browser itself more stable. According to the blog post, “Poorly designed third-party plugins are the number one cause of crashes in Firefox and can severely degrade a user’s experience on the Web. This is often seen in pauses while plugins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes of Firefox. By only activating plugins that the user desires to load, we’re helping eliminate pauses, crashes and other consequences of unwanted plugins.”
Click-to-Play will make browsing smoother and safer
Security is also boosted with Click-to-Play, as a vulnerable plugin won't be able to load unless a user wants it to, thus keeping the computer safer from malware. “We’ve observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware,” the blog post reads.
Mozilla plans to enable Click-to-Play for all versions of all plugins, except for the current version of Flash. The feature has already been enabled for many plugins that have vulnerabilities, such as outdated versions of Silverlight, Adobe Reader and Java.
The changelogs also point out performance improvements around tab switching and better image quality with a new HTML scaling algorithm. There are also some changes for developers, like support for a new DOM property—window.devicePixelRatio—and improvement in startup time through better handling of extension certificates.
The Android version of the browser also received some upgrades, such as integration with Google Now, the ability to enable Safe Browsing, support for new fonts delivered through the browser, and an option to opt-in for search suggestions when entering text into the Awesome Bar.
While the beta releases of Firefox 18 had a built-in PDF viewer, it is absent from the final release. It is possible that Mozilla deemed it incomplete and decided to delay it till the next release.
API, Firefox, Firefox 17, Firefox 18, Firefox 18 Changelog, Firefox 18 Retina, Firefox IonMonkey, Firefox Retina, Firefox Retina Support, IonMonkey, Mac OS, Mac OS X 10.5, Mozilla, Mozilla blog, Mozilla Corporation, Mozilla Firefox IonMonkey, Mozilla IonMonkey, software