The unsafe plugin notification is not sufficiently informative (leading to frustration)

Mark S caspy77 at
Tue Jul 14 09:25:57 UTC 2015

Agreed. I think this is a very serious problem.

I will point out that Adobe has updated Flash such that installing an
update untrips our click-to-play warning.  This is good for us, but bad
that it could happen again next week.

If we're going to break our users' experience and raise their blood
pressures, let's at least have them divert their anger in the right

Also, Adobe has not yet updated the release notes page so I have no idea if
they've fixed *both* 0-day exploits. (If not, then we need to raise the
alarm, again.)

On Tue, Jul 14, 2015 at 4:14 AM, Mike Ratcliffe <mratcliffe at>

>  I had this warning the yesterday saying that flash is unsafe and that I
> should upgrade it. I upgraded it and was surprised to see that after the
> upgrade I received the same notification.
> In the end I had to use Chrome to watch the video that I was trying to
> watch... this will obviously drive people away from Firefox and over to
> Chrome.
> /Mike Ratcliffe
> On 14/07/2015 09:13, Mark S wrote:
> Right now we are (rightly) blocking all versions of Flash because of
> unpatched vulnerabilities.  I've seen signs that this is causing much
> confusion and frustration for users - and many users are going to blame
> Firefox.
> Chrome's Flash currently has the same vulnerabilities but Chrome is doing
> nothing to block or mitigate the problem.  So users will see that Chrome
> "just works."
> We present an alarming notification bar telling people that the plugin is
> unsafe.
> This is great, but does not lead users towards being informed or finding a
> solution.  This is confusing and frustrating for users who are wondering
> "What's going on?? How do I fix this?"
> As of this writing there *is* no solution, but we should at least make it
> easy for users to know this and help them understand why or else they are
> likely to think that Firefox is the problem.
> I suggest a "Why?" button or link be added to the bar that allows users to
> see more information.
> It has been pointed out that the Plugin Check page (
> ) clearly states that all
> versions of Flash are vulnerable, but getting to this page is non-obvious
> and doesn't appear associated to the problem when users encounter a
> Flash-containing page.
> Following the "More Info" link from Flash in about:addons can get
> which is
> not nearly as clear.  It sounds like it's just an old version and needs
> updated.  Most users however will not get to this page as they will not
> organically browse to the about:addons > Plugins section.
> Perhaps we did not originally run under the assumption that a plugin could
> be so thoroughly exploited and unpatched with no update available.
> We need to connect the problem more directly to the "solution" for our
> users and the current notification fails to do this.
> P.S. It has been pointed out that clicking on the alarming lego brick in
> the location bar (which we can assume most users will not do) contains a
> link titled "What's the risk?"  This link takes users to...
> which has been described as "less than
> stellar" aka kinda ridiculous.
> _______________________________________________
> firefox-dev mailing listfirefox-dev at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the firefox-dev mailing list