Firefox Temporarily Blocks Adobe Flash Because Of Security Concerns 

Mozilla and Facebook, along with other online communities, are joining forces to have Adobe kill its Flash program in order to make the Internet a safer and more proficient place.Mozilla is blocking the Adobe Flash Player from automatically running in its Firefox Web browser until an update is released to address concerns about its security. Facebook and Mozilla, the company behind the Firefox browser, both made moves to force out Flash, insisting that Adobe needs to patch its many security holes or abandon the software altogether.

The Flash-bashing picked up last week after revelations that the spyware giant known as the Hacking Team had been using Flash to remotely take over people’s computers and infect them with malware. (That discovery took place after the Hacking Team was itself hacked. Facebook security chief Alex Stamos came out swinging Sunday with a tweet saying, “It is time for Adobe to announce the end-of-life date for Flash.” Late Monday night, Mozilla’s support chief Mark Schmidt declared on Twitter, “BIG NEWS!! Adobe today finally released a patched version of Flash, but Firefox users may have to manually update their Flash installs to get this new version (assuming they actually want to use Flash again). For example, it came to light last week that the spyware-for-hire firm Hacking Team relied on weaknesses in Flash to infiltrate computers and deploy malware. While it served its purpose in the early days of the web, HTML5 and other web standards now allow developers to replicate most of its functionality without having to rely on what has increasingly become an insecure and inefficient plugin.

Google’s YouTube already defaults to HTML5 instead of Flash and Chrome will soon start auto-pausing Flash content it doesn’t consider ‘central‘ to a web page. The hackers published 400GB of allegedly stolen Team Hacking data online, including the source code of the firm’s spy tools and what software vulnerabilities they exploited. Overall, the web is better off without Flash and as Facebook’s chief security officer Alex Stamos said a few days ago, it’s probably time to set an end-of-life data for Flash. He published an open letter railing against the software for being buggy, backward looking, and a battery hog. “Flash is the number one reason Macs crash,” he wrote. “We don’t want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash.” Adobe regularly issues updates to Flash that attempt to fix vulnerabilities, but public opinion has slipped away from it. Deceased Apple co-founder Steve Jobs famously hated Flash and worked hard to keep it from running on iPhones and iPads during his tenure as the company’s CEO.

Mozilla’s Weiner confirmed the current block is not permanent and the firm plans to stop blocking it when Adobe fixes the software’s security. “Adobe is expected to release an update to Flash sometime this week. Though Android smartphones originally supported Flash – and used that fact as a selling point – Adobe killed Flash support for all smartphones in 2011.

Schmidt says that Mozilla is willing to welcome Flash back into the fold – after all, Flash still runs on 10.6 percent of all websites, according to W3Techs – but Mozilla needs to see some major improvements first. YouTube has been experimenting with playing videos natively in the browser several years ago and officially parted ways with Flash in January 2015. “To be clear, Flash is only blocked until Adobe releases a version which isn’t being actively exploited by publicly known vulnerabilities,” Schmidt added. A Mozilla spokesperson declined to comment the firm would ever consider permanently blocking Flash Player, telling Business Insider the firm “has nothing to add for the moment.” Business Insider has reached out to Adobe for comment.

In the past, Mozilla has been proactive and aggressive when dealing with insecure products, or technologies it feels are invading on its customers’ privacy.



Leave a Reply

Your email address will not be published. Required fields are marked *