By Shailesh Shrivastava email: firstname.lastname@example.org | Jan 31, 2013 03:20 AM EST
In a bid to give its users more secure and seamless browsing experience, Mozilla is going to disable all the automatic browser plug-ins except Adobe Flash Player.
The major plug-ins to get eliminated from Mozilla's Firefox are Java, Microsoft Silverlight, and Adobe Reader. The content based on these plug-ins will only be available on the wish of the user. To enable the plug-ins, one will have to give permission using click-to-play feature introduced by Mozilla last year.
With the move Mozilla aims to prevent its users from unwanted crashes, pauses, and other issues occurring because of outdated third-party plug-ins.
"Poorly designed third party plugins are the number one cause of crashes in Firefox and can severely degrade a user's experience on the Web. This is often seen in pauses while plugins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes of Firefox. By only activating plugins that the user desires to load, we're helping eliminate pauses, crashes and other consequences of unwanted plugins," Michael Coates, Director of Mozilla's security assurance, posted on company's blog.
As Mozilla is going to disable Java, Silverlight, and Adobe reader on grounds of making the users' computers or other browsing devices vulnerable and slow, the company has kept Adobe Flash Player intact.
The reason behind keeping the Flash Player is not know; however, Flash Player is one of the main reasons Firefox users experience freezes and crashes of the browser.
Last year, Firefox users witness unexpected complications with their browsers mainly because of an update of Flash Player. Users were not able to play YouTube videos, moreover, the browser crashed in many cases after slowing down.
Firefox, though, released some tips on its support forum but in the end it recommended "If updating RealPlayer did not resolve the issue or Flash is constantly crashing, you should uninstall Flash 11.3 and downgrade to Flash 10.3."
Adobe went one step ahead and recommended users to compromise their system's security and make the browser vulnerable to security issues by disabling the protected mode of the Flash Player.
The new police will also give users more secure browsing as vulnerable plug-ins will by default be kept out of the browser unless the user really needs it.
Mozilla also makes it for safe for the company for a situation of a bug or Trojan attack as it keeps the decision of plug-in installation up to a user's choice.
Java has been battling with security issues for quite a long time. This month Java came under a security threat because of a zero-day exploit.
The security threat was so severe that the Department of Homeland Security released an advisory alerting people about the threat.
"A vulnerability in Java's Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a 'drive-by download' attack)," the advisory said.
Any Web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available, the department added in the advisory.