Click to play, the next big problem for many smaller companies

Benjamin Smedberg benjamin at
Wed Sep 11 16:08:42 UTC 2013

On 9/9/2013 5:04 PM, Richard Bateman wrote:
> Verifying authorship does give you some ability to assign 
> accountability for a plugin.  I guess I'm still trying to understand 
> exactly what the problem you are trying to solve is; it started out 
> feeling like you were trying to protect against intentionally 
> malicious plugins,
No, not particularly. If we know of an *intentionally* malicious plugin, 
we would hardblock it. But since plugins are installed binary software, 
they could basically already do anything they wanted.

> but the more we discuss it sounds like you're actually worried about 
> poorly written plugins / plugins with security vulnerabilities.

Yes, partly. We are trying to protect users against being exploited via 
insecure plugins. We are *also* trying to provide users with an informed 
choice about whether to use 3rd-party software. With addons, we present 
that choice at install time; but since plugins can be installed on the 
system by third parties.

> There seems to be a misperception that hidden plugins are uncommon
There may be many plugins that exist which are used hidden, but that 
doesn't mean that many users have or need them, or that we need to 
design for that case. We need to balance the needs of most users against 
the small set of users who may actually be using these plugins. Getting 
accurate numbers on this is hard, but what little data we do have says 
that there can't be more than about 2% of users in the entire world who 
have anything but the top 5 plugins:

* Flash
* Shockwave
* Java
* Silverlight
* Quicktime

In particular locales that number may be skewed: there are countries 
that have high-profile banks or government institutions which use 
plugins for auth/key exchange. But I surveyed those major sites back in 
February, and at that time all of them used visible plugin instances.


More information about the firefox-dev mailing list