Why does "click to activate" activate all plugin instances?
Isn't this a bit of a security hole? Browser shouldn't be activating a hidden webcam-hijacking script (e.g. http://feross.org/webcam-spy/) just because I activated an embedded YouTube video.
Isn't this a bit of a security hole? Browser shouldn't be activating a hidden webcam-hijacking script (e.g. http://feross.org/webcam-spy/) just because I activated an embedded YouTube video.
All Replies (1)
Adobe Flash has a setting to disable the camera
Firstly I have no reason to expect the article you attempt to link to is up to date and still a problem IF you use an up to date Firefox and an up to date Flash player.
Secondly Click to activate is actually an improvement, because it allows you to choose when to have plugins active on a site by site basis. Without this feature it was an all or nothing for plugins.
Note also that there are addons that will work as script &/or Flash blockers
- For instance https://addons.mozilla.org/en-US/firefox/search/?q=block (There will be other search terms you could use, and other software)