The unsafe plugin notification is not sufficiently informative (leading to frustration)

Mark S caspy77 at gmail.com
Tue Jul 14 08:13:43 UTC 2015


Right now we are (rightly) blocking all versions of Flash because of
unpatched vulnerabilities.  I've seen signs that this is causing much
confusion and frustration for users - and many users are going to blame
Firefox.
Chrome's Flash currently has the same vulnerabilities but Chrome is doing
nothing to block or mitigate the problem.  So users will see that Chrome
"just works."

We present an alarming notification bar telling people that the plugin is
unsafe.
http://i.imgur.com/vocQhtk.png
This is great, but does not lead users towards being informed or finding a
solution.  This is confusing and frustrating for users who are wondering
"What's going on?? How do I fix this?"

As of this writing there *is* no solution, but we should at least make it
easy for users to know this and help them understand why or else they are
likely to think that Firefox is the problem.

I suggest a "Why?" button or link be added to the bar that allows users to
see more information.

It has been pointed out that the Plugin Check page (
https://www.mozilla.org/en-US/plugincheck/ ) clearly states that all
versions of Flash are vulnerable, but getting to this page is non-obvious
and doesn't appear associated to the problem when users encounter a
Flash-containing page.

Following the "More Info" link from Flash in about:addons can get
https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p946 which is
not nearly as clear.  It sounds like it's just an old version and needs
updated.  Most users however will not get to this page as they will not
organically browse to the about:addons > Plugins section.

Perhaps we did not originally run under the assumption that a plugin could
be so thoroughly exploited and unpatched with no update available.

We need to connect the problem more directly to the "solution" for our
users and the current notification fails to do this.

P.S. It has been pointed out that clicking on the alarming lego brick in
the location bar (which we can assume most users will not do) contains a
link titled "What's the risk?"  This link takes users to...
https://get.adobe.com/flashplayer/ which has been described as "less than
stellar" aka kinda ridiculous.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/firefox-dev/attachments/20150714/597a8067/attachment.html>


More information about the firefox-dev mailing list