TechSpot

Mozilla disables Flash in Firefox by default due to security concerns

By Scorpus
Jul 14, 2015
Post New Reply
  1. Following widespread reports of serious security issues with Adobe Flash, Mozilla has decided to block the Flash Player add-on in their Firefox web browser by default to protect users from being infected with malware.

    Adobe has been under siege over the past week after three serious, unpatched Flash vulnerabilities were discovered in a 400 GB dump of 'security' firm Hacking Team's internal documentation. Hacking Team's data included instructions on how to exploit the vulnerabilities, which led to cases of "immediate weaponization" in the wild, according to Malwarebytes.

    One of the ways to prevent attackers from exploiting Flash vulnerabilities is to cut off access to Flash entirely. Mozilla has decided that this is the best course of action for Firefox, taking on the advice of security experts which suggest either uninstalling Flash Player from your system entirely, or switching to a click-to-play Flash activation method.

    Adobe is currently working on patching the serious security vulnerabilities in Flash, but it might be too late to save the company's notorious multimedia platform. Facebook's head of security has already urged Adobe to kill Flash, while most mobile platforms don't even support Flash in favor of newer HTML5 multimedia standards.

    Mozilla may end up re-enabling Flash Player in Firefox when Adobe manages to patch the vulnerabilities, but it would have to be disabled again when yet another security issue is inevitably discovered. It might annoy those who play Flash-based games or videos in their browser, but perhaps the best course of action really is to have Adobe kill off Flash once and for all.

    Permalink to story.

     
  2. I was wondering why my flash was not working yesterday.
     
    learninmypc likes this.
  3. ikesmasher

    ikesmasher TS Evangelist Posts: 2,561   +862

    This is good. perhaps flash's end will come in a matter of months now instead of years. maybe faster.
     
  4. Capaill

    Capaill TS Addict Posts: 292   +93

    I have Flash disabled anyway and only Allow it when I need it.
    But a lot of plugins at work need Flash so I guess I now need to go back to IE.
     
  5. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,559   +2,900

    If I can get it to work when I want it, I will have no complaints.
     
  6. Silverizawa

    Silverizawa TS Rookie

    So make another flash player by firefox..shall, we (?) :D
     
  7. ikesmasher

    ikesmasher TS Evangelist Posts: 2,561   +862

    noooooooo everyone just use html5
     
    Darth Shiv likes this.
  8. RustyTech

    RustyTech TS Guru Posts: 865   +434

    NOOOOOOOO!!! let flash die, please!! :p
    HTML5 all the way!

    on a side note, I thought Pandora used HTML5...after removing flash, I can't listen anymore :(
    "In order to use Pandora internet radio, please upgrade to a more current browser
    or install a newer version of Flash (v.10 or later)."

    and off course I have the latest browser.
     
  9. noel24

    noel24 TS Maniac Posts: 304   +154

    Disabled some time ago. Lets face it, no one needs flash based videos on their web page when its probably easier and safer just link a video from, lets say, YT. If a web page offers Flash videos it's usually page of low esteem with content of low quality, who's admin is too lazy to make the transition, like BBC or Engadget.
     
  10. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,653   +523

    Does the Flash Blocker I have installed not do this for me already? And anyone not using a Flash blocking add on deserves the damage that could potentially be done. Still nice to see Firefox trying to protect their client base, although I didn't notice any difference with my browsing yesterday.
     
  11. bexwhitt

    bexwhitt TS Addict Posts: 291   +55

    Now we need to get the BBC, Buzzfeed (who even block youtube html vids is no flash available), facebook etc. All of these sites manage without flash on mobile platforms so they have the tech,
     
  12. bexwhitt

    bexwhitt TS Addict Posts: 291   +55

    if you really need flash there is a setting to enable it, don't bother that parrot is dead
     
  13. m4a4

    m4a4 TS Guru Posts: 752   +273

    I never care if flash was enabled and use it a fair bit. But at least it's an easy switch back on if I need it (with a popup)...
     
  14. tonylukac

    tonylukac TS Evangelist Posts: 1,310   +56

    Lets suspend the web, I guess. How does someone like my mother figure out how to override?
     
  15. Badvok

    Badvok TS Booster Posts: 122   +51

    Flash isn't anything to do with the Web, in fact it is the exact opposite of the Web. It is the antithesis of the Web, it breaks the web by design. Let it die.
     
  16. jobeard

    jobeard TS Ambassador Posts: 9,348   +622

    Have no idea where that idea came from. (n)

    There's a lot more to this than just Youtube junk. Flash is frequently used to make instructional presentations - - much like a live Powerpoint. Lots of commercial websites will need rework when flash is withdrawn. I've even seen maintenance and repair procedures presented in this format (nothing like youtube selife styled movies). Don't read get me wrong here, I would vote for the demise of flash just because it's a pain to keep updating it.

    btw: Flash implements Secure Real-Time Media Flow Protocol (RTMFP) as discussed in the Wiki now published as RFC 7016 making it officially "a component of the Web"
     
    cliffordcooley likes this.
  17. Mozilla did not disable flash by default, Firefox checks the versions and if an outdated and vulnerable version is found then it is disabled, until you update it.
     
  18. Islander

    Islander TS Enthusiast Posts: 36

  19. Why does everybody say Mozilla blocks Flash by default? It's only when your version is out-of-date............
     
  20. jobeard

    jobeard TS Ambassador Posts: 9,348   +622

    That's only partially true. The issue is the Java Applet running in the browser. There are lots of Java applications which are still viable. If a user doesn't know the difference, then Java per se is not necessary on your system.
    The new Internet standard is HTML5 replacing Flash. Obviously, that kills all kinds of presentations and requires a rewrite - - thus it will be a long while before Flash is not supported.
     
  21. Islander

    Islander TS Enthusiast Posts: 36

    So, be diligent about Flash updates and/or deactivate it until presented with a particular task?

    By the way, none of this is obvious to me. I still occasionally wish my PC was more like my toaster.
     
  22. jobeard

    jobeard TS Ambassador Posts: 9,348   +622

    yes on update. I make flash Prompt To Activate as a default and choose carefully when to allow vs disallow.

    DON'T WE ALL :grin:
     
    Islander likes this.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...