sb-as logo
Story image

Bye bye, NPAPI: Mozilla issues critical update to Firefox, disables plugins

10 Mar 2017

Mozilla has issued a string of patches for its Firefox browser, plugging vulnerabilities for everything from memory corruption, potentially exploitable crashes, iframe exploits, URL spoofing, malware, file deletion and DoS exploits.

The new 52.0 release caught the headlines this week is the fact that Firefox has disabled all NPAPI plugin capability except Flash, meaning common plugins such as Adobe Acrobat, Java and Microsoft Silverlight no longer load.

Mozilla says that it has been supporting various other web APIs that work without the need for plugins, and that users will probably not even notice a difference to their web browsing experience.

Mozilla believes that Flash and NPAPI plugins have helped websites that include video, sound and games, but they also slow down the browser, make it more vulnerable to security risk and make it more likely to crash.

Mozilla’s new Web APIs will function as replacements, but with better security, stability and performance.

The new 52.0 update enables those plugins, Mozilla says.

“Today, they’re ready. Many sites have adopted them, and almost all your favourite pages can be enjoyed without using old and insecure plugins. Firefox joins other modern browsers like Google Chrome and Microsoft Edge to remove support for these NPAPI plugins,” a statement on Mozilla’s help page says.

But for those now wanting to lose their old plugins, Mozilla says the separate Extended Support Release of Firefox will support those plugins until early 2018, which can be downloaded from Mozilla’s website.

Mozilla says that those wanting support for Java or other plugins must download the Windows (32-bit) download.

Story image
Microsoft takes legal action to disrupt botnet and combat ransomware
Microsoft has announced it took action to disrupt a botnet, Trickbot, one of the world's most infamous botnets and prolific distributors of malware and ransomware.More
Story image
Five Eyes nations want legal access to backdoors to fight 'illegal content'
The nations argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation. More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
BlackBerry partners with ServiceNow for incident response management
BlackBerry has announced it has entered into a partnership with ServiceNow to integrate the BlackBerry AtHoc service within the Now platform for rapid crisis communications and IT service management. More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Surfshark rolls out WireGuard open source VPN protocol
When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.More