Firefox 26 blocks Java plugins by default
December 11, 2013 – 5:02 AMMozilla released Firefox 26 which includes five critical, three high, three moderate, and three low security updates.
All Java plug-ins are defaulted to ‘click to play’, which is a welcome security addition.
Benjamin Smedberg, Engineering Manager, Stability and Plugins at Mozilla commented: “When Mozilla conducted a user research study on the prototype implementation of click-to-play plugins earlier this year, we discovered that many users did not understand what a plugin was. Participants were confused or annoyed by the experience, especially having to enable plugins on the same site repeatedly. We redesigned the click-to-play feature to focus on enabling plugins per-site, rather than enabling individual plugin instances on the page.”
The password manager now supports script-generated password fields and updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service).