Bye bye, NPAPI: Mozilla issues critical update to Firefox, disables plugins
Mozilla has issued a string of patches for its Firefox browser, plugging vulnerabilities for everything from memory corruption, potentially exploitable crashes, iframe exploits, URL spoofing, malware, file deletion and DoS exploits.
The new 52.0 release caught the headlines this week is the fact that Firefox has disabled all NPAPI plugin capability except Flash, meaning common plugins such as Adobe Acrobat, Java and Microsoft Silverlight no longer load.
Mozilla says that it has been supporting various other web APIs that work without the need for plugins, and that users will probably not even notice a difference to their web browsing experience.
Mozilla believes that Flash and NPAPI plugins have helped websites that include video, sound and games, but they also slow down the browser, make it more vulnerable to security risk and make it more likely to crash.
Mozilla’s new Web APIs will function as replacements, but with better security, stability and performance.
The new 52.0 update enables those plugins, Mozilla says.
“Today, they’re ready. Many sites have adopted them, and almost all your favourite pages can be enjoyed without using old and insecure plugins. Firefox joins other modern browsers like Google Chrome and Microsoft Edge to remove support for these NPAPI plugins,” a statement on Mozilla’s help page says.
But for those now wanting to lose their old plugins, Mozilla says the separate Extended Support Release of Firefox will support those plugins until early 2018, which can be downloaded from Mozilla’s website.
Mozilla says that those wanting support for Java or other plugins must download the Windows (32-bit) download.