Firefox 26 says no to Java plugins

email article email article print article print article tip @techmeme

firefoxJava

Mozilla’s flagship product Firefox just released its latest version, number 26, and although it comes with an array of features, one stands out: by default it blocks all Java plugins, you have to specifically allow each one. You might not be aware of this if you are not a techie but Java plugins are ubiquitous on the net.

Though this is a rather significant shift it is not entirely a surprise — unfortunately exploitations of Java plugins through web-based malware attacks are not uncommon and have escalated in the last few years. So much so that a site was made to have a count down since the last known Java 0-day exploit (0-day generally means that it was exploited in the wild before the vendor in this case Firefox knew about the issue. If a security researcher declares publicly that there is some vulnerability, it begins counting. They are at 148 on the date of this post) thus this security update is needed.

Apparently Mozilla wanted to have the feature in version 24 already but it caused a rather large stir with the users stating:

The history of security vulnerabilities in Java and poor response times means that Java is likely to be permanently unsafe. In order to protect most users, while still allowing users to override per-site, we intend to:

* mark the most recent version of the Java plugin as unsafe without an available update.
* mark older versions of the Java plugin as unsafe with an update available.

The effects of this change is that the user can still enable Java permanently for particular sites, but will not be able to enable Java for all sites.

This change should be applied to Firefox 24 and later only, because we have improved the click-to-play UI so that it is more discoverable and usable.

Now when the browser lands on a page it blocks every Java plugin by default, asking the user if it should allow each plugin. Here is an example via virtual horse racing game digiturf.com:

firefox26

The user is given the options:

  • Block Plugin
  • Allow now
  • Allow and Remember

Obviously the ‘Allow and Remember’ adds the current webpage to the browser’s whitelist so that Java code on it will run automatically from then on.

The most used plugin on the web is of course Adobe Flash, but that in itself is also the reason it gets a free pass (at least for now) as it would cut off half the web to the average user. Though the Apple devices are cutting that trend down in short order (the iPhone and iPads don’t allow flash).

Firefox’s latest version has number of security patches, bug fixes, and minor new features. The release notes are available online and here are the top new features:

Firefox 26 features

What do you think of the update and the ramifications of it on the web? Let us know in the comments.

email article email article print article print article

Related articles

Topics for this article

[ advertising enquiries ]

Share
  • BURN MEDIA TV

    WATCH THE LATEST EPISODE NOW
    Latest Episode
    Data woes? Here's 6 data saving tips for your smartphone

MORE HEADLINES

news

VIEW MORE

interviews

VIEW MORE

future trends

VIEW MORE

entrepreneurship

VIEW MORE

social media

VIEW MORE

facebook

VIEW MORE

twitter

VIEW MORE

google

VIEW MORE

advertising & marketing

VIEW MORE

online media

VIEW MORE

design

VIEW MORE

mobile

VIEW MORE

More in General Tech

4 massive trends and events that completely changed the face of tech in 2013

Read More »