To improve security and cut crashes, Firefox will block plug-ins including Microsoft Silverlight, Adobe Reader, Apple's QuickTime and Oracle's Java, Mozilla said.

Only the newest version of Adobe Systems' Flash Player will be run by default, said Michael Coates, Mozilla's director of security assurance, in a blog post yesterday.

Plug-ins extend a browser's ability to run software or handle different media and file formats, but that extra ability opens new avenues for attack. They've been a staple of Web development for years, but browser makers are working hard to reproduce their abilities directly with Web standards that don't require plug-ins.

Firefox will disable the execution of non-Flash plug-ins by default with a feature called Click to Play that lets people run each plug-in on a particular Web page if they choose.

Click to Play can be configured to override Mozilla's defaults, letting people set it to always or never run a particular plug-in.

Coates explained Mozilla's rationale this way: