
Mozilla's latest version of Firefox will have click-to-play enabled by default. This feature is meant to deal with vulnerable or outdated plugins: plugins that are blocked with the click-to-play flag will not be loaded by default, and you will have to click on the plugin to run it in your browser.

Click-to-play will accompany a blocklist, which is essentially a list of add-ons and plugins that are disabled to prevent users from coming to harm. This includes vulnerable and outdated versions of popular plugins. Whenever you browse a site that uses a vulnerable or outdated plugin that has been included in the blocklist, you'll see the click-to-play frame over the blocked content. If you think that the site is safe enough for you to run the plugin, simply click on the content to run it. Combining click-to-play with a blocklist lets you choose whether vulnerable but useful plugins can be run on certain websites.

This is quite a useful feature that can be enabled in Chrome as well. For users with slow Internet connections or data limits, click-to-play can prove especially useful, as Flash and other content is loaded only when needed. The feature is also enabled by default on some smartphone browsers, including Opera, Chrome and Dolphin. Click-to-play is also a user-friendly way to indicate that you have outdated or unsafe plugins installed in your browser.

Mozilla is also testing a new security mechanism in Firefox that will enable the browser to connect securely to a specified set of websites only when the site sends a valid security certificate. Future releases of Firefox will contain a list of sites known to employ HSTS (HTTP Strict Transport Security), which is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it.
This list in Firefox is important because a browser usually doesn't know that it should communicate securely with a domain or website unless the server asks it to. This may lead to hackers or malicious code preventing the browser from ever establishing a secure connection with the host. The HSTS list will indicate to the browser that it is to connect to the specified sites securely by default, and insecure connections to these sites must be refused.