Mozilla plans to change the way that their Firefox browser handles third party plugins in order to boost users’ security (personally I still think educating internet users in good security practices is a better way forward than controlling their browser behaviour). With the exception of Flash Player they will all be blocked by default, requiring the user to Click to Play in order to run.
“One of the most common exploitation vectors against users is drive by exploitation of vulnerable plugins. In this kind of attack, a user with outdated or vulnerable plugins installed in their browser can be infected with malware simply by browsing to any site that contains a plugin exploit kit.”
Mozilla Security Blog
Some of the significant plugins that will be blocked are Java, Flash and Silverlight, at least two of which seem to be favourites amongst the bad guys. When the new feature is rolled out these and other plugins will only load when the user clicks on an icon to specifically allow it. The browser only currently disables plugins that are out of date in order to minimise the risk of hack attacks as well as minimising the chances of the browser crashing.
Whether allowing the latest version of Flash Player to have an exemption is a good idea is, of course, debatable and doesn’t make a huge amount of sense to me, especially as that one is probably responsible for most of the crashes I’ve ever experienced in Firefox.
Firefox users will, however, be able to configure their browser to all some or all of their additional plugins to load automatically on select web sites.