Skip to content

Firefox blocks Flash versions. Facebook says kill it

July 14, 2015

blocked-flash

The Guardian website is reporting that all versions of the Adobe Flash Player have been banned from the Firefox web browser; and that Facebook’s head of security is calling for Adobe to kill off the bug-ridden plug-in.

While the report that Flash Player is dead to Firefox has been greatly exaggerated, it’s true that social media giant Facebook has added its voice to the growing calls to replace the aging and increasingly insecure multimedia enabler.

The latest in a long line of last straws has come in the form of the July 5 server breach of Italian “security” company Hacking Team.

In the hundreds of gigabytes of  leaked Hacking Team data, explicit details of at least two more Flash Player security bugs have been found. It turns out that the “grey hat” seller of spyware and zero day exploits to governments had uncovered the flaws and were secretly exploiting them for profit.

And this only a week after Adobe was forced to rush out a security patch to the Flash Player  on June 23, in order to address a buffer overflow bug being exploited by Chinese hackers against military and high technology companies.

This “patching a sieve one hole at a time” must be taking a toll on Adobe.

Computerworld’s Michael Horowitz keeps track of Flash updates and says that in the last 12 months, Adobe Flash Player has averaged 2 bug fixes every 5 days!

Calling for an end to Flash Player’s reign of error

Two days ago, on July 12, Alex Stamos, Facebook’s brand new Chief Security Officer, tweeted that Adobe should now set a date when it will cease developing the Flash Player plug-in for good and that all web browsers should be set to disable the plugin on that date.

Stamos wants Adobe to set a hard and fast date in order to convince web developers that they must get off their collective butts and finally develop a complete replacement for all the multimedia capabilities currently provided by the 19-year-old Flash technology.

And yesterday (July 13) the Mozilla Foundation blocked three more outdated versions of the Adobe Flash Player from being able to load in the Firefox web browser:

Contrary to what the Guardian is reporting, Mozilla is not blocking every version of Adobe’s Flash plugin from running within its Firefox browser, just outdated versions know to be vulnerable to zero day hacking exploits.

This is not new. Mozilla has been blocking versions of the Flash Player that are known to be insecure for years now.

Official Adobe Flash Player versions make up fully six percent of the 498 Firefox Add-ons that Mozilla has blocked over the last seven years.

Between April 16, 2008, and yesterday (July 13, 2015) Mozilla has placed 30 Legitimate Adobe Flash Player versions on its blocklist

If you include the 21 blocked Add-ons that are not made by Adobe but are out-and-out malware named “Flash Player” then the total increases to 10.24 percent.

As usual desktop Internet users have few choices: Uninstall the Flash Player and try to live without it or keep it updated and put it on a leash called click-to-play. Click the image to enlarge it.

From → Internet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: