The Mozilla Foundation Wednesday announced a cooperative effort
to standardize plug-in
ushering in a new era of multimedia accommodation on today’s Web browsers.
Together with Apple , Macromedia
, Sun
Microsystems and Opera, officials at the open source
organization said they are expanding the scope of its Netscape Plugin
Application Interface (NPAPI) to create an open source, secure and
scriptable plug-in model.
The five companies have a vested interest in creating an open standard on
the Internet: Opera (Opera), Mozilla (Firefox) and Apple (Safari)
are all browser makers; and Macromedia
and Sun, through Flash and Java, respectively, own the software used to
create many of the plug-ins used today.
Mitchell Baker, Mozilla Foundation president, said plug-ins are critical
components of the Web that require constant improvements and enhancements.
“This has been an issue that’s needed to be resolved for quite some time,”
she said. “Once the Mozilla Foundation was formed, we had a venue to
provide leadership and make things happen. It became
clear that all the various browser vendors and plug-in vendors were all very
eager to do something like this; [now] was right time to get things going.”
The NPAPI was once the standard among
vendors for getting plug-ins to communicate with computers. That vendor
list included Microsoft and its Internet Explorer. That is until
Redmond officials stopped supporting the NPAPI to create ActiveX
its own standard. The technology is currently the
centerpiece of a patent infringement
battle between Microsoft and Eolas Technology, who claim they invented
the technology.
Mozilla and Opera have been jointly waving
the standards flag for some time now to jumpstart the Web-browsing
experience into something more dynamic.
In May, the two browser developers submitted a specification
called Web Forms
2.0 to the World Wide Web Consortium (W3C). The spec
calls for a standard method for developing Web applications and compound
documents.
The intended target of these specifications is Internet Explorer, though none of the
companies comes out and says so. According to
W3Schools.com, IE owns more than 81 percent of the browser market as of June.
Mozilla and Opera follow with 11.4 percent and 2.3 percent, respectively.
The Web Forms spec and the alliance’s charter seek to avoid the
pitfalls of a single, dominant browser presenting its own
specifications and having them accepted as de facto standards because of
their widespread use.
Another fear is that a dominant browser might lead to
complacency by its vendor to improve its product, as in the case of IE,
which hasn’t had a significant update in a couple years. Recent events seem to bear that out.
IE is experiencing a critical security meltdown that Microsoft
has yet to resolve.
The flaw, which allows crackers
to install spyware software onto Web servers, has remained unpatched since
its discovery two weeks ago. Microsoft officials said they
might consider releasing
a patch out of its normal monthly schedule if customer demand
warrants it.
On Tuesday, the U.S. government’s Computer Emergency Readiness Team
(US-CERT) warned
Web users to stop using IE, because of the “significant vulnerabilities” found in domain/zone security
model, DHTML object model, MIME-type determination and ActiveX.
Mozilla’s Baker said one of the biggest advantages of an open source project is its
ability to point out security vulnerabilities sooner than in proprietary
software.
“You do find you’ve got many eyes looking for security issues, and that runs
through our development cycle, not just plug-ins,” she said. “The thing
about plug-ins is that once you decide to put it on your machine, you need it
to execute, otherwise it can’t do anything. So the security model in these
cases is very complex.
“As we’ve seen in recent days, the combination of IE
and the Windows OS, integrated tightly, is a rich ground for malicious
actors. That’s unrelated to plug-ins, [but] one of the things that Mozilla
browsers do is provide extra layers of protection there.”
Officials expect Web browsers with the new interoperability features to
start appearing in future releases sometime this fall.
For the time being,
however, Mozilla is hosting the alliance’s efforts on its NPAPI Web page and
features plug-in SDKs
it will start including the expanded
NPAPI in nightly builds of its Firefox browser before its release.
