If at first you don’t succeed...
Java blocked (again) in Firefox 26
The latest version of Firefox reinstates a controversial block on Java applets that was initially reversed after being branded “ultra-irresponsible” by irate users.
Implemented in October to protect users from Java’s high-profile security vulnerabilities, the block prevented Java from running without explicit user permission. However, an ambiguous UI confused many users who believed that Java was blocked altogether, and it was reluctantly pulled.
Since then, Firefox developers have been working on making the click-to-play UI more obvious and this week’s new release, Firefox 26, sees the block return once again.
The first pass at this click-to-play interface (below) was a severe-looking warning message overlaying the plugin frame, as well as a red icon next to the URL. However, this was criticised for being not obviously clickable and easily overlooked if the frame was small.
The click-to-play interface in October. The small red icon requires clicking on for the dialog to be shown.
To resolve this, Firefox 26 also shows a Chrome-style banner in addition to the existing UI (below). Several related bugs, such as unusual edge cases which might result in the UI not appearing, have also been fixed.
The new click-to-play interface in Firefox 26 puts a Chrome-style banner across the top of the window in addition to the existing warnings.
Java is currently the only plugin in Firefox to be click-to-play by default, perhaps because it is so commonly exploited in so-called ‘drive by’ attacks. Flash, Silverlight and Quicktime are also planned to get this click-to-play behaviour after further beta testing.
It remains to be seen if the changes implemented in Firefox 26 will be enough to satisfy the disgruntled users who flooded Mozilla’s bug tracker last time Java was made click-to-play. Regardless of its insecurity and age, client-side Java is still firmly entrenched in many important websites, and a crucial platform for a sizable portion of internet users.