Opt-in activation for plugins: Difference between revisions

Jump to navigation Jump to search

Opt-in activation for plugins (view source)

Revision as of 20:43, 16 April 2012

338 bytes added ,  16 April 2012
no edit summary
No edit summary
No edit summary
Line 74: Line 74:
* Mitigate attacks where user interacts with site (clickjacking, or simply wants to run vulnerable plugin)
* Mitigate attacks where user interacts with site (clickjacking, or simply wants to run vulnerable plugin)
|Feature non-goals=We can't prevent users getting owned up by vulnerable plugins if they choose to activate a plugin on a site hosting malicious payloads. This is why driving plugin updates is important.
|Feature non-goals=We can't prevent users getting owned up by vulnerable plugins if they choose to activate a plugin on a site hosting malicious payloads. This is why driving plugin updates is important.
Mozilla cannot maintain a list of every single plugin on the web and their current versions in order to block out of date plugins. We believe attackers mostly target a small set of the most widely deployed plugins, for which we can track current versions.. Improving plugincheck's knowledge of commonly used plugins is an ongoing goal.


Warning the user of a newly installed plugin - this is part of another feature : https://wiki.mozilla.org/Features/Firefox/Improved_plugin_installation_and_management_experience
Warning the user of a newly installed plugin - this is part of another feature : https://wiki.mozilla.org/Features/Firefox/Improved_plugin_installation_and_management_experience
Imelven
Confirmed users
197

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/420620"

Navigation menu