Mozilla evangelist asks Apple, Google and Microsoft to stop installing unwanted plug-ins

this is great!
firefox asks apple, microsoft and google to stop doing something plainly wrong and you manage to say the blame is on firefox for allowing them to do it?

it's like saying to someone who's just been robbed "eh, but you left the door open, it's all your fault, you deserved to be robbed, the robbers are nice guys".

come on, the ability to install plugins without user consent is clearly an issue, but the existence of an exploit doesn't mean the whoever use it to do something wrong is in the clear!

Whoa. Calm down. Firefox has been doing this for a long time, just because you discovered it *now* doesn't mean everyone should get up in arms and quit using Firefox.

Firefox allows you to view your saved passwords from within the browser preferences. Do you deem this a security risk worthy of not using Firefox?

Did you even know about that? If not, does it surprise you? Just because you learned something new about Firefox that doesn't quite sit well with you doesn't mean you should instigate others to switch browsers. Firefox as a whole is a *very* good browser. If you're not content with its current security features, then voice your opinion to Mozilla.

Besides, other browser all have security flaws or some kind of security risk whether it's intentional or unintentional. I'm sure Google chrome has its share of hidden security risks, Opera, Safari, I'm willing to bet they *all* have security risks of some nature.

While I do not appreciate it when other programs require me to exit Firefox so that they can install some plugin or add-on, that does not make me want to switch browsers. That simply makes me wish Firefox had some kind of resistance to this type of thing. Perhaps, Firefox should prompt you upon startup, "such and such program attempted to install a plugin or addon while Firefox was running, do you want to allow such and such addons/plugins to be installed?" That would be ample security.

As for the password manager built into Firefox, this has been talked about and I stand pretty firm when I say, I would be very sore if it was removed. But then again, I haven't really used it much since I started using Lastpass to store my passwords.

You shouldn't write articles like this, it's unproductive and annoying.

-Neil

These days I use Firefox exactly as often as I use IE: for cross-browser testing of web apps I develop. And for some flash streaming clients that don't have chrome plugins (CURSE the NFL and it's deal with DirecTV).

This comes down to user experience. I'm sure that apple feels that the general layperson just wants music downloads and iTunes to speak to each other. Most people have no clue how to install this stuff.

We really need a Trojan or virus writer to exploit this for evil before it gets plugged.

I agree with others. Firefox could choose to NOT load the plug-in until the user approves it.

Even if Apple/Google/MS/etc all agree to ask the user before installing the plugin, that still doesn't prevent other 'not nice' apps from installing their own plugins.

If Firefox didn't just blindly load all plugins that are sitting in some directory (instead, confirm that the user 'approves' it), then this wouldn't be a problem.

(I say 'Firefox' because that's what the article is about - maybe the same issue exists in other browsers and should be corrected there, too.)

He has a point. One problem that Windows users have when installing something as "normal" as Adobe Reader is that if they're not watching, they'll get saddled with a Google toolbar. Yahoo Messenger also adds a toolbar unless you deselect the option to install it. I find this kind of thing just as distasteful since the Adobe, and Yahoo are taking advantage of the tendency of most computer users to simply install without paying attention to the steps. There are a lot of Mac apps such as Skype that add themselves as startup items without asking first. That gets under my skin too.

I am shocked.. shocked that this can happen!!! But seriously, c'mon firefox.. how hard is it to block ANY installations of plugins without a prompt..

Asa is just trolling. Apple and Microsoft install by default OS-wide plugins that conform to the Netscape plugins specifications and that's why any compliant browser (e.g. Firefox) sees them and automagically uses them. Those plugins exist even if one doesn't have Firefox installed.

Firefox authors could make plugins activation/usage an opt-in and not opt-out process but they don't. Who's to blame now?

I don't know that Firefox can prevent plugins from being installed if it's not being done specifically through Firefox. Aren't they just files being written to a directory? The Firefox application doesn't own the directory; it has no control over what other apps write to a directory, right?