The unsafe plugin notification is not sufficiently informative (leading to frustration)

Kirjavainen Tero terkir81 at gmail.com
Tue Jul 14 16:32:17 UTC 2015


Anyway to activate html5 instead of flashplayer plugin?
In my experience youtube works just fine without flashplugin.

On Tuesday 14 July 2015 12:25:57 Mark S wrote:
> Agreed. I think this is a very serious problem.
>
> I will point out that Adobe has updated Flash such that installing an
> update untrips our click-to-play warning.  This is good for us, but bad
> that it could happen again next week.
>
> If we're going to break our users' experience and raise their blood
> pressures, let's at least have them divert their anger in the right
> direction.
>
> Also, Adobe has not yet updated the release notes page so I have no idea if
> they've fixed *both* 0-day exploits. (If not, then we need to raise the
> alarm, again.)
>
> On Tue, Jul 14, 2015 at 4:14 AM, Mike Ratcliffe <mratcliffe at mozilla.com>
>
> wrote:
> >  I had this warning the yesterday saying that flash is unsafe and that I
> > should upgrade it. I upgraded it and was surprised to see that after the
> > upgrade I received the same notification.
> >
> > In the end I had to use Chrome to watch the video that I was trying to
> > watch... this will obviously drive people away from Firefox and over to
> > Chrome.
> >
> > /Mike Ratcliffe
> >
> >
> > On 14/07/2015 09:13, Mark S wrote:
> >
> > Right now we are (rightly) blocking all versions of Flash because of
> > unpatched vulnerabilities.  I've seen signs that this is causing much
> > confusion and frustration for users - and many users are going to blame
> > Firefox.
> > Chrome's Flash currently has the same vulnerabilities but Chrome is doing
> > nothing to block or mitigate the problem.  So users will see that Chrome
> > "just works."
> >
> > We present an alarming notification bar telling people that the plugin is
> > unsafe.
> > http://i.imgur.com/vocQhtk.png
> > This is great, but does not lead users towards being informed or finding
> > a solution.  This is confusing and frustrating for users who are
> > wondering "What's going on?? How do I fix this?"
> >
> > As of this writing there *is* no solution, but we should at least make it
> > easy for users to know this and help them understand why or else they are
> > likely to think that Firefox is the problem.
> >
> > I suggest a "Why?" button or link be added to the bar that allows users
> > to see more information.
> >
> > It has been pointed out that the Plugin Check page (
> > https://www.mozilla.org/en-US/plugincheck/ ) clearly states that all
> > versions of Flash are vulnerable, but getting to this page is non-obvious
> > and doesn't appear associated to the problem when users encounter a
> > Flash-containing page.
> >
> > Following the "More Info" link from Flash in about:addons can get
> > https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p946 which is
> > not nearly as clear.  It sounds like it's just an old version and needs
> > updated.  Most users however will not get to this page as they will not
> > organically browse to the about:addons > Plugins section.
> >
> > Perhaps we did not originally run under the assumption that a plugin
> > could be so thoroughly exploited and unpatched with no update available.
> >
> > We need to connect the problem more directly to the "solution" for our
> > users and the current notification fails to do this.
> >
> > P.S. It has been pointed out that clicking on the alarming lego brick in
> > the location bar (which we can assume most users will not do) contains a
> > link titled "What's the risk?"  This link takes users to...
> > https://get.adobe.com/flashplayer/ which has been described as "less than
> > stellar" aka kinda ridiculous.
> >
> >
> > _______________________________________________
> > firefox-dev mailing
> > listfirefox-dev at mozilla.orghttps://mail.mozilla.org/listinfo/firefox-dev





More information about the firefox-dev mailing list