Mozilla Blocks Flash In Firefox To Protect Users Against Recent Zero-Day Vulnerabilities

[Guest]

After two recently discovered Flash zero-day vulnerabilities, Mozilla blocked Flash temporarily in Firefox until Adobe release will release a patch over the next few days.

Mozilla Blocks Flash In Firefox To Protect Users Against Recent Zero-Day Vulnerabilities : Read more

 

[tomc100]

Is there a single website that doesn't have flash ads playing in the background?

 

[nukemaster]

Truth be told, Once 3rd party plugins are gone, they will just target the browsers them selves.

Steve wanted flash dead because of all the FREE games/apps it offered that would have taken a hit to the app store sales. No way around that.

It is a cat and mouse game and hackers will ALWAYS want in, not matter what browser or OS you use.

The more popular ones get hit first and more often so Windows/Internet explorer(its not like all users know about alternative browsers) will likely be a larger target, but with mobile devices soon(if not already. I know people that do not even use computers any more for the internet) to be the primary device for most users they will get just as much attention.

 

[Solandri]

Flash isn't going to die anytime soon. It may die as a generic browser scripting tool (I hope it does). But Flash was initially developed as an artist's tool - so you could create graphic animations without having to send as much data as a full-blown movie. It's still widely used among artists, with several TV shows and even movie production using it extensively. Its abuse as a generic scripting language for browsers came about because HTML lacked scripting capability.

And Jobs may have claimed he blocked Flash from iOS because of vulnerabilities and excessive power use, but the real reason was control. At the time, Apple prohibited all compilers and emulators from the App store. The only way you could run a program in iOS was by developing it using Apple's tools, and submitting it to the App store for their approval. Flash bypassed this control over their ecosystem. If you could install Flash in iOS, you could write your program in Flash, put it on a website, and browse the site with your iOS device to run your program. That broke Apple's monopoly on iOS executables, so they banned it. And their spin control department came up with reasons for the ban which didn't sound so selfish and authoritarian.

 

[Xc311]

the problem is flash player deliver a better video quality than html5 native player.. you can witness this in HD videos or FHD in youtube for example. i don't think it will die soon, at least till html5 surpass it in that point

 

[Nintendork]

Mozilla: If you gonna block flash make sure your damn browser actually support html5 without problems. Youtube on mozilla is a painful experiencie, even worse when you use vp9/webm. Video stutters and if it's a 1080p 60fps, be sure that it will stutter too.

 

[capt_taco]

I never understood why there was this big sudden push to kill Flash. HTML5 is fine for playing videos, but for a lot of the artistic uses of Flash, it's no replacement at all, and there are no other good replacements either. My job involves building and managing websites, and it's painfully obvious that creativity has taken a step backwards in several areas because even if Flash is the only thing capable of doing a task, no one wants to use it.

One site I built a while back used to have an interactive map created in Flash, and when it was time to redesign it, the so-called "experts" insisted that we could do it just as well using Google Maps ... I was skeptical but went along with it. Well guess what, the Google Maps version was nothing like it and it sucked. "This is crap," I said, "what are our other options?" "There are no other options, you can't use Flash because of Apple, so this is it," they said. I told them I didn't care about Apple users, who made up about 2.75% of our audience, enough to design the whole site around them, but was shouted down. Garbage.

There was never anything wrong with Flash; it was as vulnerable and glitchy as any other widely used plugin, and the positives far outweighed any of that. As others have said, the campaign against it was all because of Steve Jobs (may he burn in hell) and his insistence on being a control freak. It's a shame so many people were dumb enough to fall for it.

*no, I'm not wishing Steve Jobs to burn in hell over Flash; that would be silly. He was just a jerk with a horrible mentality.

 

[nukemaster]

I never understood why there was this big sudden push to kill Flash. HTML5 is fine for playing videos, but for a lot of the artistic uses of Flash, it's no replacement at all, and there are no other good replacements either. My job involves building and managing websites, and it's painfully obvious that creativity has taken a step backwards in several areas because even if Flash is the only thing capable of doing a task, no one wants to use it.

One site I built a while back used to have an interactive map created in Flash, and when it was time to redesign it, the so-called "experts" insisted that we could do it just as well using Google Maps ... I was skeptical but went along with it. Well guess what, the Google Maps version was nothing like it and it sucked. "This is crap," I said, "what are our other options?" "There are no other options, you can't use Flash because of Apple, so this is it," they said. I told them I didn't care about Apple users, who made up about 2.75% of our audience, enough to design the whole site around them, but was shouted down. Garbage.

There was never anything wrong with Flash; it was as vulnerable and glitchy as any other widely used plugin, and the positives far outweighed any of that. As others have said, the campaign against it was all because of Steve Jobs (may he burn in hell) and his insistence on being a control freak. It's a shame so many people were dumb enough to fall for it.

*no, I'm not wishing Steve Jobs to burn in hell over Flash; that would be silly. He was just a jerk with a horrible mentality.

While Apple only has a small margin of the market, All cell phones/tablets(The quickly becoming primary device for surfing the internet if not already) do not support flash either.

I think some of the renewed GIF(something popular in the 90s due to the hardware most users had) craze is also to make mobile device playback more easy(strange since they all support at least basic mpeg4 video and that has better frame rates/colors and compression than GIF).

Also hating flash is rather popular on the internet.

 

[capt_taco]

While Apple only has a small margin of the market, All cell phones/tablets(The quickly becoming primary device for surfing the internet if not already) do not support flash either.
...
Also hating flash is rather popular on the internet.

That was kind of my point. The Kill-Flash movement isn't because there's anything wrong with it. It's because the drumbeat got going, and hating it became the default reaction "because it's old" or "because it's clunky" or any of a hundred other soundbites. Most people who are against Flash probably couldn't even articulate very clearly why they hate it - they hate it because they heard it from their friend Josh, or they read it on a snarky tech site, or they hate it just because.

In any case, now that Android compatibility has dried up, that turned it from cheerleading into a real problem, and now the reality is that it's being used less and less except for specialty purposes. It still puzzles me why that happened; the only explanation I can think of is that the Android developers all lemminged Apple, or listened to the cheerleading, and it became a self-fulfilling prophecy.

 

[kenjitamura]

I never understood why there was this big sudden push to kill Flash. HTML5 is fine for playing videos, but for a lot of the artistic uses of Flash, it's no replacement at all, and there are no other good replacements either. My job involves building and managing websites, and it's painfully obvious that creativity has taken a step backwards in several areas because even if Flash is the only thing capable of doing a task, no one wants to use it.

One site I built a while back used to have an interactive map created in Flash, and when it was time to redesign it, the so-called "experts" insisted that we could do it just as well using Google Maps ... I was skeptical but went along with it. Well guess what, the Google Maps version was nothing like it and it sucked. "This is crap," I said, "what are our other options?" "There are no other options, you can't use Flash because of Apple, so this is it," they said. I told them I didn't care about Apple users, who made up about 2.75% of our audience, enough to design the whole site around them, but was shouted down. Garbage.

There was never anything wrong with Flash; it was as vulnerable and glitchy as any other widely used plugin, and the positives far outweighed any of that. As others have said, the campaign against it was all because of Steve Jobs (may he burn in hell) and his insistence on being a control freak. It's a shame so many people were dumb enough to fall for it.

*no, I'm not wishing Steve Jobs to burn in hell over Flash; that would be silly. He was just a jerk with a horrible mentality.

Dissenters such as journalists were helped track down to be tortured and killed in such places as Sudan thanks to zero day exploits in Flash being used by Hacker Team, is that not enough reason to hate flash? It's an easily exploitable security nightmare and every device that uses it is substantially less safe because of it.

 

[Solandri]

That was kind of my point. The Kill-Flash movement isn't because there's anything wrong with it. It's because the drumbeat got going, and hating it became the default reaction "because it's old" or "because it's clunky" or any of a hundred other soundbites. Most people who are against Flash probably couldn't even articulate very clearly why they hate it - they hate it because they heard it from their friend Josh, or they read it on a snarky tech site, or they hate it just because.

To be fair, Flash was widely hated from the onset because web developers used it to make their website consistent on all displays. That was contradictory to the design of the web - the whole point of HTML is to transmit the important info (words, pics) to the browser in form that the browser can decide how to best display. i.e. If I want to compress the display so it'll fit in 800x600, or expand it to fill 1920x1080, I can resize the browser and the browser handles reflowing the text and pictures. If I don't like the font, the browser can change it. If I don't like the colors, the browser can override ithem You can't do that with flash websites - the formatting is determined by the site designer, not your browser.

I do agree with you about its artistic use. It is the best tool for that purpose I've seen.

In any case, now that Android compatibility has dried up, that turned it from cheerleading into a real problem, and now the reality is that it's being used less and less except for specialty purposes. It still puzzles me why that happened; the only explanation I can think of is that the Android developers all lemminged Apple, or listened to the cheerleading, and it became a self-fulfilling prophecy.

Flash on Android was killed by Adobe itself. They stopped releasing updates for it and pulled it from the Play store. I used to keep a copy of it around in my TitaniumBackup backups, but so much time has passed without security patches I don't think it's worth the risk of installing it again.

The Dolphin browser supports flash. I don't normally use that browser, but I do keep a copy of it installed now for the occasional times I need to visit a flash website in Android.

Dissenters such as journalists were helped track down to be tortured and killed in such places as Sudan thanks to zero day exploits in Flash being used by Hacker Team, is that not enough reason to hate flash? It's an easily exploitable security nightmare and every device that uses it is substantially less safe because of it.

Every computer system out there has zero-day exploits. If you're going to hate everything which has zero-day exploits, you need to become a Luddite and give up using computers.

Anyhow, Mozilla (and Google) blocked the vulnerable version of Flash from running on their browsers. Adobe has already released a new version which patches the vulnerability, and that version is allowed to run. This wasn't Mozilla taking some anti-flash stance like some in the press were trying to spin it. It was just the browser makers doing the prudent thing and preventing a vulnerable extension from running until it was fixed.

 

[randomizer]

The main reason to kill Flash is the same reason why all plugins need to be killed: they are holes in the browser sandbox that allow exploits to break into the rest of the system and run with the same permissions as the user. Plug the holes.

Unfortunately Flash still has its uses. There is no way to copy things to the clipboard that works consistently across browsers (admittedly it's debatable whether this is a good feature anyway).

 

[velocityg4]

I wouldn't mind Flash so much if it would actually update automatically. As it stands every time there is a whole version change. You have to manually download and install the update. Rather than it doing so automatically as per the users settings.

Making it worse Adobe has gone nuts like everyone else with version numbers. So every couple of months Flash starts bugging you. Which is much more annoying when you manage a lot of computers.

Then they make the manual update more difficult. By making you go to the website, download an installer (remember not to add McAfee), then that installer has to download another installer. It's easy enough for me. But for many users this is a herculean effort.

Perhaps Firefox should just integrate Flash like Chrome and IE do.

 

[TechyInAZ]

It would be nice to get rid of Flash forever and see either HTML5 being the norm. or a successor to flash. While Adobe is doing a good job of fixing flash security issues, it seems like there's ALWAYS a hacker team that's figured out a new security flaw every single month. I'd say it would be better to get rid of flash entirely.

 

[jimmysmitty]

The main reason to kill Flash is the same reason why all plugins need to be killed: they are holes in the browser sandbox that allow exploits to break into the rest of the system and run with the same permissions as the user. Plug the holes.

Unfortunately Flash still has its uses. There is no way to copy things to the clipboard that works consistently across browsers (admittedly it's debatable whether this is a good feature anyway).

I think until Flash is killed off, I use HTML mainly for Youtube and block most ads anyways, that all browser developers should be controlling the distribution of Flash for their browsers, like Microsoft does for IE and I believe Google does for Chrome.

 

[jonathan1683]

I hate flash for one reason. Every time I turn on one of my computers I have to download an update. It also likes to install an update service that just reminds you to head over to their site and click yes on downloading a virus scanner. I don't understand why they just don't auto update it. If they did all these vulnerabilities would not be such an issue. I get irritated each time. So yea screw flash I hope it dies too. I never had to update my HTML5.

 

[Jake Hall]

Oh, boo-hoo.... get rid of it

 

[ubercake]

Adobe is basically letting all of the products they bought from Macromedia (and some of those Macromedia earlier bought from Allaire) turn to crap slowly with no direct Adobe replacements available.

It's pretty sad. Flash used to be viewed as a great flexible lighter weight tool for easily developing highly interactive web content. Adobe bloated it and only thinks of supporting it when bad press drops.