While its popularity suffers from a decline in the past year or two, Firefox is still a great browser which has a lot of things to offer. One of those things is the ability to control whether a plug-in will start automatically when the relevant content is being loaded, or should the browser ask for the end-user’s permissions to activate the plug-in on a per-site basis.
When can the above functionality be most useful? When defending against malware. The sad truth is that being infected via a drive-by malware is something that can happen to anyone, regardless the security measures being taken (e.g using Linux or OSX, having an anti-virus running or using a browser which is not IE). Due to the increased efforts in making it secure, Firefox has very little known vulnerabilities in the core browser engine, forcing the bad guys to opt for its plug-ins as the attack vector.
Unfortunately, Adobe (maker of Flash and Reader) and Oracle (maker of Java) are still doing a so-so job in terms of making secure software, thus it is recommended to have their plug-ins run only when the user approves them to run.
As a matter of fact, I’d recommend getting rid of Java and Reader entirely, yet Flash is still needed for many sites, thus cannot be discarded easily.
So how could one make Firefox ask for a permission to run such plug-ins? Easy:
- Open the “tools” menu and choose “add-ons” (ctrl-shift-a for non OSX users).
- Choose the “plug-ins” tab on the left panel.
- Choose “ask to activate” for the not-so-secure plug-ins.
That’s it. Have a safe browsing.