If at first you don’t succeed...

Java blocked (again) in Firefox 26

Elliot Bentley
firefox-red-bg1

Following user confusion in October, Firefox devs take second shot at a click-to-play interface for Java applets.

The
latest version of Firefox reinstates a controversial block on Java
applets that was initially reversed after being
branded “ultra-irresponsible”
by irate users.

Implemented in October to protect users from Java’s

high-profile security vulnerabilities
, the block prevented Java
from running without explicit user permission. However, an
ambiguous UI confused many users who believed that Java was blocked
altogether, and it was
reluctantly pulled
.

Since then, Firefox developers have been working on
making the click-to-play UI more obvious and this week’s new
release, Firefox
26
, sees the block return once again.

The first pass at this click-to-play interface (below)
was a severe-looking warning message overlaying the plugin frame,
as well as a red icon next to the URL. However, this was criticised
for being not obviously clickable and easily overlooked if the
frame was small.

The click-to-play interface in October. The small
red icon requires clicking on for the dialog to be shown.

To resolve this, Firefox 26 also shows a Chrome-style banner in
addition to the existing UI (below). Several related bugs, such as
unusual edge cases which might result in the UI not appearing, have
also been fixed.

The new click-to-play
interface in Firefox 26 puts a Chrome-style banner across the top
of the window in addition to the existing warnings.

Java is currently the only plugin in Firefox to be click-to-play
by default, perhaps because it is so commonly exploited in
so-called ‘drive by’ attacks. Flash, Silverlight and Quicktime are
also planned to get this click-to-play behaviour after further beta
testing.

It remains to be seen if the changes implemented in Firefox 26
will be enough to satisfy the disgruntled users who flooded
Mozilla’s bug tracker last time Java was made click-to-play.
Regardless of its insecurity and age, client-side Java is still
firmly entrenched in many important websites, and a crucial
platform for a sizable portion of internet users.

Author
Comments
comments powered by Disqus