Home > Web > Firefox browser now disables plugin support…

Firefox browser now disables plugin support, prevents fake 'secure' cookies

Why it matters to you

This latest version of Firefox provides a more secure browsing experience by enhancing its warnings.

Mozilla has released version 52 of its Firefox browser for the desktop. The release adds several new features to the web browsing experience including a warning for non-secure websites, support for WebAssembly, and better support for touch-enabled Windows devices. The update will gradually roll out to existing Firefox installs starting on March 7 alongside the downloadable version. It can also be accessed from Mozilla’s public FTP right here.

First, Mozilla’s new warning in Firefox will display a “This connection is not secure” message when users click on a username and/or password text field on sites not using HTTPS. If you’re not familiar with what that means, HTTPS indicates that the transmission of data between the website and Firefox is encrypted so that hackers can’t grab the sensitive data as it travels the virtual highways.

More: Snooze tabs and report issues with two new Firefox experimental features

This warning extends Mozilla’s move to provide visual indications for secure and non-secure websites. Previously, Firefox 51 began displaying a grey lock icon with a red strike-through in the address bar to show that a website that was requiring a password wasn’t secure. Otherwise, all sites with HTTPS at the beginning of their address sport a green lock to indicate an encrypted connection. Eventually, Firefox will display the struck-through lock icon for all non-secure web pages.

Another added security measure is the Strict Secure Cookies specification. This will prevent non-secure HTTP-based websites from creating cookies with the “secure” attribute. This specification will also keep non-secure sites from creating cookies using the same name used in a “secure” cookie already generated by a site on the same base domain.

As for the new support for WebAssembly, this is an emerging programming language for executing applications within the browser on the client side. It’s supposedly better than JavaScript and creates smaller web-based app bundles for a faster delivery time. According to Mozilla, WebAssembly provides “near-native” performance to games, apps, and software libraries used within the browser environment.

As an example of using WebAssembly in browser-based games, Tanks is a multiplayer demo enabling two players to control their own tank using the same keyboard (blue uses WASD and red uses the arrow keys). A video of Zen Garden from Epic Games can be seen here showcasing a demo running in the new Firefox release. A hands-on version wasn’t available at the time of this publication.

Finally, one of the notable changes made to Firefox 52 is the removal of support for Netscape Plugin API plugins (NPAPI). Although Flash can still be used, Silverlight, Java, Acrobat, and similar plugins can no longer be enabled. This is old browser technology that first made its appearance in 1995 with the Netscape Navigator 2.0 browser. Plugins are non-secure attack vectors used by hackers, hence the general shift over to the safer HTML5 technology.

For more information about what Firefox 52 brings to the desktop, check out the release notes here. Firefox 52 is also available on Android, and the release notes can be accessed here.