Firefox gets click-to-play option for plugins
Jared Wein, a software engineer at Mozilla, has created an implementation of "click-to-play plugins" for Firefox – with this enabled, the browser will require that content from plugins like Flash and Java is clicked before the plugin loads and runs. The feature, which Mozilla also calls "opt-in activation for plugins" is already accessible in nightly builds of Firefox and Wein is working on giving the browser the ability to remember click-to-play settings on a site-by-site basis.
Users with recent nightly builds of Firefox can try the new feature by typing
about:config into the address bar of the browser and then enabling the plugins.click_to_play flag. Once this setting is turned on, Flash and similar content on web pages will only play after the user has clicked on it. This functionality prevents videos (including advertisements) on web sites from autoplaying, which is an annoyance to many users. It also conserves system resources as content presented through plugins often makes up a big part of the resources consumed by the browser.
Another benefit of the click-to-play approach is that plugins only get loaded when the user actually clicks on the content in question. This limits the opportunities for "drive-by" malware attacks by malicious content that targets plugin vulnerabilities in Flash and Java. The feature could help prevent the spread of malware such as the Flashback trojan, as Java would only be loaded if the user expects legitimate Java content on the page in question and clicks on it, though malware creators could just use social engineering to encourage the user to click anyway.
More information about opt-in activation for plugins is available on the Mozilla wiki. Nightly builds of Firefox with the new feature included are available from the Mozilla web site for Windows, Mac OS X and Linux. Users are advised that running experimental versions of Firefox is not recommended for production environments.