Just when the world was stunned due to the latest news about the zero-day attack on Java and Flash; Mozilla announced that Firefox has blocked flash on its browser. Mark Schmidt, senior Firefox community support lead, tweeted in the morning mentioning this as the ‘BIG NEWS’. He says,
“BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now.”
It is believed that the latest zero-day attack is the reason behind Firefox’s decision to block Adobe’s Flash plugin on the browser. If the users try to use Flash in the Firefox browser, they will see a page saying “Flash Player Plugin 10.3.183.66 to 126.96.36.1998 (click-to-play) has been blocked for your protection.”
Firefox and Flash not together anymore
A recent report from the Hacking Team, an Italian security company, mentions that three vulnerabilities have been targeted by the malware writers. Out of these three, one bug is from Oracle’s Java; while the two are from Adobe Flash. Looking at the scenario, Mozilla has concluded that Flash’s vulnerabilities can create a major dent in the security of Firefox. Hence, it’s pretty apparent that this is the reason behind Mozilla’s decision to block Flash.
The ADD-ONS page by Firefox also mentions the reason, as,
“Old versions of the Flash Player plugin have known vulnerabilities (CVE-2014-9163).”
Besides, Firefox also recommends all the users update their Firefox Flash plugin. All users who have the older versions of the plugin are mainly affected, as they won’t be able to click and play the Flashplayer. In fact, Firefox is making sure that older versions of Flash plugin are automatically disabled and no longer usable.
In another tweet, Mark Schmidt mentions that the blockage will take place only until the bug is fixed.
Flash zero-day attack and public reaction
Though, Firefox has clearly mentioned that the blocking will be revoked once the ‘publicly known vulnerabilities’ in Flash are fixed; but many people and communities have different opinions. Many people are tired of Flash and its performance and hence they are happy that at least someone is taking action to stop the plugin. Facebook’ CSO, Alex Stamos even suggested in his tweet that Adobe should announce the end-of-life date for Flash and to ask browsers to set killbits on the same day.
Till then, only time will decide the faith of the Flash plugin the world of internet!