By default, Firefox will, in future, only automatically run the content of the most recent version of Flash
The Mozilla announcement comes after Oracle's recent troubles securing Java, which recently culminated in Oracle's Java defences falling to a security researcher. That researcher recommended "Click to Play" as a more appropriate defence against drive-by style attacks that exploited plugins such as Java.

The link for this article located at H Security is no longer available.