The unsafe plugin notification is not sufficiently informative (leading to frustration)

Mike Ratcliffe mratcliffe at
Tue Jul 14 09:14:37 UTC 2015

I had this warning the yesterday saying that flash is unsafe and that I 
should upgrade it. I upgraded it and was surprised to see that after the 
upgrade I received the same notification.

In the end I had to use Chrome to watch the video that I was trying to 
watch... this will obviously drive people away from Firefox and over to 

/Mike Ratcliffe

On 14/07/2015 09:13, Mark S wrote:
> Right now we are (rightly) blocking all versions of Flash because of 
> unpatched vulnerabilities.  I've seen signs that this is causing much 
> confusion and frustration for users - and many users are going to 
> blame Firefox.
> Chrome's Flash currently has the same vulnerabilities but Chrome is 
> doing nothing to block or mitigate the problem.  So users will see 
> that Chrome "just works."
> We present an alarming notification bar telling people that the plugin 
> is unsafe.
> This is great, but does not lead users towards being informed or 
> finding a solution.  This is confusing and frustrating for users who 
> are wondering "What's going on?? How do I fix this?"
> As of this writing there *is* no solution, but we should at least make 
> it easy for users to know this and help them understand why or else 
> they are likely to think that Firefox is the problem.
> I suggest a "Why?" button or link be added to the bar that allows 
> users to see more information.
> It has been pointed out that the Plugin Check page ( 
> ) clearly states that all 
> versions of Flash are vulnerable, but getting to this page is 
> non-obvious and doesn't appear associated to the problem when users 
> encounter a Flash-containing page.
> Following the "More Info" link from Flash in about:addons can get 
> which 
> is not nearly as clear.  It sounds like it's just an old version and 
> needs updated.  Most users however will not get to this page as they 
> will not organically browse to the about:addons > Plugins section.
> Perhaps we did not originally run under the assumption that a plugin 
> could be so thoroughly exploited and unpatched with no update available.
> We need to connect the problem more directly to the "solution" for our 
> users and the current notification fails to do this.
> P.S. It has been pointed out that clicking on the alarming lego brick 
> in the location bar (which we can assume most users will not do) 
> contains a link titled "What's the risk?"  This link takes users to... 
> which has been described as "less 
> than stellar" aka kinda ridiculous.
> _______________________________________________
> firefox-dev mailing list
> firefox-dev at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the firefox-dev mailing list