#1
Mozilla has added all versions of Adobe Flash up to the most recent version 18.0.0.203 to the Firefox blocklist.


Security researchers have discovered (external - login to view) vulnerabilities in recent versions of Adobe Flash that have not been patched yet by Adobe but are exploited in the wild. In particular, several exploit kits (external - login to view) are already making use of it to serve crypto-ransomware to systems running Adobe Flash.


In an effort to protect Firefox (external - login to view) users from harm on the Internet, Mozilla has added the current version of Adobe Flash and all previous versions to the browser's blocklist (external - login to view).


The blocklist lists browser extensions, plugins and other components that are blocked automatically by Firefox either directly or sometimes in the case of plugins, by setting them to "ask to activate".


The Flash vulnerability affects all versions of Flash on Windows, Linux and Macintosh systems.


Firefox displays a warning message on its plugins management page that Flash is vulnerable. As you can see on the screenshot below, Shockwave Flash has been set to "ask to activate" and not blocked permanently.




more




Mozilla blocks all versions of Adobe Flash in Firefox - gHacks Tech News (external - login to view)








Facebook calls for end to Flash as Firefox blocks it over hacking holes








The mob is turning against Flash. Mozilla has blocked every version of Adobe’s Flash plugin from running within its Firefox (external - login to view) browser, while Facebook’s head of security has called for Adobe to kill it off.


The moves come following a series of vulnerabilities in Flash being actively exploited, including those exposed (external - login to view) by the Hacking Team compromise (external - login to view).


Firefox users seeking to view Flash-based content, such as videos, adverts or more complex web tools for uploading images and other actions, will need to click again and accept a warning that “Flash is known to be vulnerable. Use with caution”.


That means users of Firefox cannot use Flash by default and will not be able to until Adobe patches the security bugs and updates the plugin. Adobe (external - login to view) has struggled to keep up with the number of bugs and vulnerabilities being exposed within Flash.


At the same time, Facebook’s head of security Alex Stamos, who is previously credited with significantly improving the security of Yahoo’s operations, called for Flash to be killed off.




more




Facebook calls for end to Flash as Firefox blocks it over hacking holes | Technology | The Guardian (external - login to view)