Please consider a more user friendly UI for blocked plugins.

Rob Whelan firefox at jtheory.com
Wed Oct 23 04:26:44 UTC 2013


I'm also here from 914690 -- I posted comment 67: 
https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c67
..and won't reiterate all of that again here, but will make my main 
points briefly:

- this is really very rough for usability; my users (students, sometimes 
young students) have to ignore frightening warnings and navigate 7 extra 
clicks through a baffling UI before they can even get to the Java 
plugin's own "click to play" dialog.
- with Oracle's dialog, at least there's a dialog!  Here, just scary 
warnings and no visible action to take.
- dealing with Oracle's click-to-play, I can sign/seal my applet JARs 
and explicitly limit them to the sandbox to get a relatively-friendly 
message.  With Firefox, that's all useless; there's nothing I can do.
- is there *data* on how the Java plugin is exploited, in the real 
world?  Are there exploits that find a way to execute dangerous code 
*before* Oracle prompts to upgrade (if you're not at the latest 
version), and *before* Oracle's own click-to-play runs?  The bug makes 
no mention of it, which suggests that this patch is killing my usability 
without actually improving security for Firefox users whatsoever.

If anyone would like to see how this looks, feel free:
http://emusictheory.com/practice/speedNoteNames.html

I'm fine with Firefox click-to-play; but throwing usability out of the 
window is not helpful except arguably to the few users who *tried* to 
enable a dangerous applet on a shady site and were unable... I'd rather 
not trade my site for that.

Kind regards,
Rob Whelan
eMusicTheory.com



More information about the firefox-dev mailing list