Is Mozilla's Firefox 'click-to-play' feature a sound response to drive-by malware....

JMH · May 3, 2012

Is Mozilla's Firefox 'click-to-play' feature a sound response to drive-by malware attacks?

According to a blog post by Mozilla’s software engineer Jared Wein, Mozilla plans to introduce ‘click-to-play’ feature in upcoming versions of their flagship Firefox browser.

The feature — available to NoScript users for years — aims to prevent the systematic exploitation of browser plugin based client-side exploitation campaigns, by allowing end users to choose whether they would want to active content to load in the first place.

http://www.zdnet.com/blog/security/...nd-response-to-drive-by-malware-attacks/11825

JMH · May 4, 2012

Firefox to introduce click-to-play option to protect against dangerous plugins

Jared Wein of Mozilla blogged last month about a new feature he was developing for Firefox 14 called "click-to-play".
The idea is to block the default loading of plugins like Java and Flash when surfing to reduce the memory footprint and provide protection against exploitation of plugin vulnerabilities.

Firefox 14 click-to-play featureFirefox 14 click-to-play featureIf you have ever used NoScript, ScriptNo or Flashblock you will be familiar with this idea.
When you load a page like YouTube that has an embedded Flash/PDF/Java object, instead of it instantly loading the video you will see a black box with a logo representing the plugin.
When you click on the box it will launch the plugin and the video or other content will be rendered.

http://nakedsecurity.sophos.com/201...Feed:+nakedsecurity+(Naked+Security+-+Sophos)

zigzag3143 · May 5, 2012

Its a good idea for those who dont run No-Script or its equivalent. I just hope the lag doesnt become onerous

Is Mozilla's Firefox 'click-to-play' feature a sound response to drive-by malware....

JMH

Emeritus, Contributor

JMH

Emeritus, Contributor

zigzag3143

Contributor, Sysnative Staff Emeritus