Hi all, We are actively working on opt-in activation for plugins, and have updated the feature page listed here with our thinking: https://wiki.mozilla.org/Opt-in_activation_for_plugins
This feature is intended to help with drive-by security issues and general stability and resource consumption issues, but cannot by itself mitigate all plugin security risks. As you can see there are a number of open questions there, especially in terms of desirable behavior in each of the use cases. I'd like to discuss the pros and cons of each option here, and then I'll update the feature page to reflect our discussions. Thanks! Lucas. -- “You must do the thing you think you cannot do” - Eleanor Roosevelt _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security