Firefox 17 launches with click-to-play plugin blocks for old Adobe Reader, Flash, and Silverlight

As expected, Mozilla on Tuesday officially launched Firefox 17 for Windows, Mac, and Linux. Although the new version was already available yesterday on the organization’s FTP servers, it has now also been released over on Firefox.com. If you’re looking for Firefox for Android version 17, that was also released on Monday.

The biggest addition in this release, in my opinion, is click-to-play plugins, announced back in October. In short, the addition means Mozilla will now prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight (more will be added eventually).

Mozilla is essentially merging together the idea of click-to-play plugins (don’t load plugins until they’re clicked) with the concept of a blocklist (a list of addons and plugins that are disabled). As such, click-to-play blocklisted plugins consist of a list of plugins that Mozilla deems unsafe for its Firefox users. Instead of completely disabling what’s on the list, however, the company will prevent them from running when the page loads: you’ll have to click first.

 

Here’s how the feature looks:

The prompt tells you that the plugin is vulnerable and thus Firefox has stopped it from loading automatically. If there is an update available, you will be prompted to update the plugin, but you will still also be able to use it, if you want to, by clicking on the blocked grey box.

Additionally, if plugins are blocked on the currently-viewed Web page, Mozilla will feature a blue icon to the left of the address bar for more information. Here’s how the menu looks when opened up:

Although this feature is enabled by default, you can set it to work for all plugins, not just old ones, in the about:config preference “plugins.click_to_play” (set to true). While this is not an all-purpose plugin management system, it should still be useful as a prevention mechanism against drive-by attacks (such as urging users to click on a video link that is almost never what it claims to be or hiding in ads on a legitimate website) targeting plugins that are known to be vulnerable.

There are of course other Firefox 17 features worth noting; here’s the official changelog:

  • NEW: Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user’s permission.
  • CHANGED: Updated Awesome Bar experience with larger icons.
  • CHANGED: Mac OS X 10.5 is no longer supported.
  • DEVELOPER: JavaScript Maps and Sets are now iterable.
  • DEVELOPER: SVG FillPaint and StrokePaint implemented.
  • DEVELOPER: Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use.
  • DEVELOPER: New Markup panel in the Page Inspector allows easy editing of the DOM.
  • HTML5: Sandbox attribute for iframes implemented, enabling increased security.
  • FIXED: Over twenty performance improvements, including fixes around the New Tab page.
  • FIXED: Pointer lock doesn’t work in web apps (769150).
  • FIXED: Page scrolling on sites with fixed headers (780345).

Apart from the usual performance improvements, and the sandboxing of iframes, the next most important thing is that support for OS X 10.5 Leopard has been dropped. This follows in Google Chrome’s footsteps, which did the same back in September.

If you’re a Web developer, you may want also to check out Firefox 17 for developers.