With Firefox 26, Mozilla has now restricted the ability of Java plug-ins to auto-load and automatically run. Other competitive Web browsers, including Apple’s Safari 7, already enable the same type of functionality. One of the primary differences between Firefox 26’s click-to-play implementation and Safari 7’s is that Firefox currently does not block Flash media content with click-to-play. The risk from automatically enabled plug-ins is that a user could potentially be directed to a malicious Website where a plug-in is used to automatically deliver some form of malware payload.
The plan is to expand the click-to-play effort in future releases of Firefox.
“The latest release of Firefox will continue to enable all plug-ins—except Java—by default while the click-to-play feature goes through additional testing in beta,” Chad Weiner, product manager for Firefox, told eWEEK. “In the coming weeks, we will announce details of a plug-in whitelist policy that will provide a path to exempting certain plug-ins and Websites from our click-to-play policy.”