Status of click-to-play plugins in Firefox 24/26

Chad Weiner cweiner at
Wed Oct 30 00:04:05 UTC 2013

I hear a plea for a decision on how to move forward, so here's what I'd 
like to propose.  This is obviously complex, so let's use this thread 
to air additional perspectives and conversation for the next 24 hours 
or so.  Gavin, Madhava and I will then meet before the end of the week, 
along the way soliciting info from key folks involved to make the call.

Sound acceptable?


On Tue Oct 29 15:44:30 2013, joakimsen wrote:
> In the addon manager would require the user to click. I'm talking about a method to do this programmatically for many machines. Further, my understanding is that once CtP UI issues are resolved the latest Jave release, even if there are no known exploits, will be marked as "insecure." I know ADP payroll requires a certain version of Java 6 to function, how do we deal with those users until the system is compatible with the latest Java?
>> -----Original Message-----
>> From: Benjamin Smedberg [mailto:benjamin at]
>> Sent: Tuesday, October 29, 2013 5:48 PM
>> To: joakimsen; 'Firefox Dev'
>> Cc: 'Chad Weiner'; 'Larissa Co'; 'Madhava Enros'
>> Subject: Re: Status of click-to-play plugins in Firefox 24/26
>> On 10/29/2013 5:45 PM, joakimsen wrote:
>>> CTP Manager is an extension, it is not part of the core Firefox code. Further
>> it's my understanding that it lets the user whitelist an individual site or site-
>> plugin pair. What is needed is a built-in mechanism to whitelist an entire
>> plugin globally. It doesn't need to have a UI for the user, about:config options
>> would suffice.
>> For any plugin that isn't marked insecure, you can do this directly in the
>> addon manager.
>> For plugins that are marked insecure this is not an available UI option.
>> --BDS

More information about the firefox-dev mailing list