Mozilla disables Flash in Firefox by default due to security concerns

Scorpus

Scorpus

Posts: 2,162   +239
Staff member

Following widespread reports of serious security issues with Adobe Flash, Mozilla has decided to block the Flash Player add-on in their Firefox web browser by default to protect users from being infected with malware.

Adobe has been under siege over the past week after three serious Flash vulnerabilities were discovered in a 400 GB dump of 'security' firm Hacking Team's internal documentation. Hacking Team's data included instructions on how to exploit the vulnerabilities, which led to cases of "immediate weaponization" in the wild, according to Malwarebytes.

One of the ways to prevent attackers from exploiting Flash vulnerabilities is to cut off access to Flash entirely. Mozilla has decided that this is the best course of action for Firefox, taking on the advice of security experts which suggest either uninstalling Flash Player from your system entirely, or switching to a click-to-play Flash activation method.

Adobe has already patched the serious security vulnerabilities in Flash, but it might be too late to save the company's notorious multimedia platform. Facebook's head of security has urged Adobe to kill Flash, while most mobile platforms don't even support Flash in favor of newer HTML5 multimedia standards.

Mozilla may end up re-enabling Flash Player in Firefox, but it would have to be disabled again when yet another security issue is inevitably discovered. It might annoy those who play Flash-based games or videos in their browser, but perhaps the best course of action really is to have Adobe kill off Flash once and for all.

​Update: Adobe has released a patch for Flash that has addressed the vulnerabilities currently being exploited in the wild.

Permalink to story.

https://www.techspot.com/news/61353-mozilla-disables-flash-firefox-default-due-security-concerns.html

 
This is good. perhaps flash's end will come in a matter of months now instead of years. maybe faster.
 
I have Flash disabled anyway and only Allow it when I need it.
But a lot of plugins at work need Flash so I guess I now need to go back to IE.
 
Silverizawa said:
So make another flash player by firefox..shall, we (?) :D
Click to expand...

NOOOOOOOO!!! let flash die, please!! :p
HTML5 all the way!

on a side note, I thought Pandora used HTML5...after removing flash, I can't listen anymore :(
"In order to use Pandora internet radio, please upgrade to a more current browser
or install a newer version of Flash (v.10 or later)."

and off course I have the latest browser.
 
Disabled some time ago. Lets face it, no one needs flash based videos on their web page when its probably easier and safer just link a video from, lets say, YT. If a web page offers Flash videos it's usually page of low esteem with content of low quality, who's admin is too lazy to make the transition, like BBC or Engadget.
 
Does the Flash Blocker I have installed not do this for me already? And anyone not using a Flash blocking add on deserves the damage that could potentially be done. Still nice to see Firefox trying to protect their client base, although I didn't notice any difference with my browsing yesterday.
 
Now we need to get the BBC, Buzzfeed (who even block youtube html vids is no flash available), facebook etc. All of these sites manage without flash on mobile platforms so they have the tech,
 
Capaill said:
I have Flash disabled anyway and only Allow it when I need it.
But a lot of plugins at work need Flash so I guess I now need to go back to IE.
Click to expand...
if you really need flash there is a setting to enable it, don't bother that parrot is dead
 
I never care if flash was enabled and use it a fair bit. But at least it's an easy switch back on if I need it (with a popup)...
 
tonylukac said:
Lets suspend the web, I guess. How does someone like my mother figure out how to override?
Click to expand...
Flash isn't anything to do with the Web, in fact it is the exact opposite of the Web. It is the antithesis of the Web, it breaks the web by design. Let it die.
 
Badvok said:
Flash isn't anything to do with the Web, in fact it is the exact opposite of the Web.
Click to expand...
Have no idea where that idea came from. (n)

There's a lot more to this than just Youtube junk. Flash is frequently used to make instructional presentations - - much like a live Powerpoint. Lots of commercial websites will need rework when flash is withdrawn. I've even seen maintenance and repair procedures presented in this format (nothing like youtube selife styled movies). Don't read get me wrong here, I would vote for the demise of flash just because it's a pain to keep updating it.

btw: Flash implements Secure Real-Time Media Flow Protocol (RTMFP) as discussed in the Wiki now published as RFC 7016 making it officially "a component of the Web"
 
  • Like
Reactions: cliffordcooley
Mozilla did not disable flash by default, Firefox checks the versions and if an outdated and vulnerable version is found then it is disabled, until you update it.
 
Why does everybody say Mozilla blocks Flash by default? It's only when your version is out-of-date............
 
Islander said:
I am hearing that Java needs to be dumped (http://techspective.net/2015/07/17/put-a-fork-in-it-java-is-done/) as well as Flash.
Click to expand...
That's only partially true. The issue is the Java Applet running in the browser. There are lots of Java applications which are still viable. If a user doesn't know the difference, then Java per se is not necessary on your system.
What programs that do the same job are the most widespread, accessible and secure?
Click to expand...
The new Internet standard is HTML5 replacing Flash. Obviously, that kills all kinds of presentations and requires a rewrite - - thus it will be a long while before Flash is not supported.
 
So, be diligent about Flash updates and/or deactivate it until presented with a particular task?

By the way, none of this is obvious to me. I still occasionally wish my PC was more like my toaster.
 
Islander said:
So, be diligent about Flash updates and/or deactivate it until presented with a particular task?
Click to expand...
yes on update. I make flash Prompt To Activate as a default and choose carefully when to allow vs disallow.

By the way, none of this is obvious to me. I still occasionally wish my PC was more like my toaster.
Click to expand...
DON'T WE ALL :grin:
 
  • Like
Reactions: Islander
You must log in or register to reply here.

Similar threads

A
ExpressVPN disables security feature that was leaking DNS requests to third-party servers
Replies
2
Views
147
return
return
A
Mozilla calls on Apple, Google, and Microsoft to create a more level playing field in...
Replies
11
Views
381
lazer
lazer
midian182
Government review criticizes Microsoft for security lapses in "preventable" Exchange hack
Replies
0
Views
89
midian182
midian182

Latest posts

Back