The unsafe plugin notification is not sufficiently informative (leading to frustration)
mratcliffe at mozilla.com
Tue Jul 14 09:14:37 UTC 2015
I had this warning the yesterday saying that flash is unsafe and that I
should upgrade it. I upgraded it and was surprised to see that after the
upgrade I received the same notification.
In the end I had to use Chrome to watch the video that I was trying to
watch... this will obviously drive people away from Firefox and over to
On 14/07/2015 09:13, Mark S wrote:
> Right now we are (rightly) blocking all versions of Flash because of
> unpatched vulnerabilities. I've seen signs that this is causing much
> confusion and frustration for users - and many users are going to
> blame Firefox.
> Chrome's Flash currently has the same vulnerabilities but Chrome is
> doing nothing to block or mitigate the problem. So users will see
> that Chrome "just works."
> We present an alarming notification bar telling people that the plugin
> is unsafe.
> This is great, but does not lead users towards being informed or
> finding a solution. This is confusing and frustrating for users who
> are wondering "What's going on?? How do I fix this?"
> As of this writing there *is* no solution, but we should at least make
> it easy for users to know this and help them understand why or else
> they are likely to think that Firefox is the problem.
> I suggest a "Why?" button or link be added to the bar that allows
> users to see more information.
> It has been pointed out that the Plugin Check page (
> https://www.mozilla.org/en-US/plugincheck/ ) clearly states that all
> versions of Flash are vulnerable, but getting to this page is
> non-obvious and doesn't appear associated to the problem when users
> encounter a Flash-containing page.
> Following the "More Info" link from Flash in about:addons can get
> https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p946 which
> is not nearly as clear. It sounds like it's just an old version and
> needs updated. Most users however will not get to this page as they
> will not organically browse to the about:addons > Plugins section.
> Perhaps we did not originally run under the assumption that a plugin
> could be so thoroughly exploited and unpatched with no update available.
> We need to connect the problem more directly to the "solution" for our
> users and the current notification fails to do this.
> P.S. It has been pointed out that clicking on the alarming lego brick
> in the location bar (which we can assume most users will not do)
> contains a link titled "What's the risk?" This link takes users to...
> https://get.adobe.com/flashplayer/ which has been described as "less
> than stellar" aka kinda ridiculous.
> firefox-dev mailing list
> firefox-dev at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the firefox-dev