The unsafe plugin notification is not sufficiently informative (leading to frustration)

Mike Ratcliffe mratcliffe at mozilla.com
Tue Jul 14 09:14:37 UTC 2015


I had this warning the yesterday saying that flash is unsafe and that I 
should upgrade it. I upgraded it and was surprised to see that after the 
upgrade I received the same notification.

In the end I had to use Chrome to watch the video that I was trying to 
watch... this will obviously drive people away from Firefox and over to 
Chrome.

/Mike Ratcliffe

On 14/07/2015 09:13, Mark S wrote:
> Right now we are (rightly) blocking all versions of Flash because of 
> unpatched vulnerabilities.  I've seen signs that this is causing much 
> confusion and frustration for users - and many users are going to 
> blame Firefox.
> Chrome's Flash currently has the same vulnerabilities but Chrome is 
> doing nothing to block or mitigate the problem.  So users will see 
> that Chrome "just works."
>
> We present an alarming notification bar telling people that the plugin 
> is unsafe.
> http://i.imgur.com/vocQhtk.png
> This is great, but does not lead users towards being informed or 
> finding a solution.  This is confusing and frustrating for users who 
> are wondering "What's going on?? How do I fix this?"
>
> As of this writing there *is* no solution, but we should at least make 
> it easy for users to know this and help them understand why or else 
> they are likely to think that Firefox is the problem.
>
> I suggest a "Why?" button or link be added to the bar that allows 
> users to see more information.
>
> It has been pointed out that the Plugin Check page ( 
> https://www.mozilla.org/en-US/plugincheck/ ) clearly states that all 
> versions of Flash are vulnerable, but getting to this page is 
> non-obvious and doesn't appear associated to the problem when users 
> encounter a Flash-containing page.
>
> Following the "More Info" link from Flash in about:addons can get 
> https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p946 which 
> is not nearly as clear.  It sounds like it's just an old version and 
> needs updated.  Most users however will not get to this page as they 
> will not organically browse to the about:addons > Plugins section.
>
> Perhaps we did not originally run under the assumption that a plugin 
> could be so thoroughly exploited and unpatched with no update available.
>
> We need to connect the problem more directly to the "solution" for our 
> users and the current notification fails to do this.
>
> P.S. It has been pointed out that clicking on the alarming lego brick 
> in the location bar (which we can assume most users will not do) 
> contains a link titled "What's the risk?"  This link takes users to... 
> https://get.adobe.com/flashplayer/ which has been described as "less 
> than stellar" aka kinda ridiculous.
>
>
> _______________________________________________
> firefox-dev mailing list
> firefox-dev at mozilla.org
> https://mail.mozilla.org/listinfo/firefox-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/firefox-dev/attachments/20150714/a7bd3829/attachment.html>


More information about the firefox-dev mailing list