Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP

New browser also crumbs cookies and finds new ways to speed web apps

Firefox 52's new security warnings

The Mozilla Foundation has has given the world the fifty-second version of the Firefox browser, complete with some significant changes.

Most notable is the eviction of plug-ins. The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and Acrobat are gone, daddy, gone.

To ease the passing of plugins, Firefox has added support for the WebAssembly client-side scripting environment. Mozilla says WebAssembly “brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.”

The second big change is the addition of significant warnings when Firefox visits web sites that don't run HTTPS.

Mozilla warned us Firefox would soon be warning us about this sort of thing back in January, when it showed off the look depicted above (or here for m.reg readers).

The organisation's done so because its mission to popularise the web demands it: there's plenty of HTTPS-enabled sites out there but Mozilla wants more and figures if it can deter people from having bad experiences on insecure sites that won't hurt.

To that end Firefox 52 also supports the “Strict Secure Cookies” specification. That effort prevents HTTP-only sites from delivering cookies with the “secure”attribute. That attribute denotes the cookie should only be transported over encrypted link, but it is still possible to access such cookies over HTTP under some circumstances. Adopting the new spec will mean cookies marked “secure” can only be touched by HTTPS servers.

Full release notes for version 52 are yours for the reading, here. ®

Biting the hand that feeds IT © 1998–2017