Mozilla has announced that sometime soon, it will be no longer automatically load any plugins on Firefox except the latest version of Flash, instead utilizing Click to Play, which requires users to manually authorize the use of a plugin. This is in an effort to reduce security risks that result from automatically using plugins like Java and Silverlight.
Plugins – and especially Java – are notorious for posing security risks, being used by hackers and malware to infiltrate unsuspecting users. Previously, these plugins would load on a website automatically in Firefox. That changed when Mozilla introduced Click-to-Play, which prevented plugins from automatically loading content and requiring user authorization instead.
Another issue with automatically loading plugins concerns stability, with Mozilla stating that poorly-made ones are the #1 reason the browser crashes, and likewise they can present a large drag on performance. Limiting the plugins that load will keep users from experiencing sudden browser crashes and high memory use. It is for these reasons Mozilla is moving ahead with its plan.
Sometime in the unspecified future, the company will tweak Firefox so that Click to Play is default for all plugins, regardless of version, with the exception of the current version of Flash. Everything else – Silverlight, Java, etc. – will all be blocked by default. Users will still be able to configure Click to Play, however, so that some plugins automatically load on certain websites, or so that plugins are never run on other sites.