informa
/
News

Mozilla Kills Flash On Firefox As Adobe Rushes Patch

It's another nail in the coffin for Adobe's Flash platform as Mozilla disables it from running on the company's Firefox Web browser.
HTML5: 10 Tips That Will Change Your Life
HTML5: 10 Tips That Will Change Your Life
(Click image for larger view and slideshow.)

Mozilla, the developer behind Firefox, announced this week that it has disabled the ability of Adobe Flash -- the ubiquitous multimedia and software platform used for Internet and mobile apps, rich content, and animation -- from its Web browser.

Users can still re-activate the feature by selecting the option in Firefox's settings menu, but from now on Firefox's use of Flash has been automatically disabled.

"Some websites use Adobe Flash to display content. However, attackers can also use the security flaws in Flash to run malicious software on your computer and gain access to your system," a Mozilla blog posted warned. "One way to protect yourself is by disabling or removing Flash, but if your trusted websites require Flash, you can change your plugin settings so that Flash runs only when you click to activate it."

The occurrence of Flash exploits has spiked this month, starting on July 6 and continuing until July 9, according to a report from F-Secure.

Two of the exploits, CVE-2015-5122 and CVE-2015-5123, have yet to be patched. They arose after the first two exploits were successfully patched.

"There were already speculations that there seem to be strong connections between the actors behind the two exploits kits," a July 13 blog post from the company explained. "For example, both have used 'fileless' delivery of payload and even similar encryption methods."

After suffering through the criticism all weekend, Adobe published a July 14 blog post and security bulletin to address these concerns.

Much of this came to light on Friday, July 10, security firm FireEye's Hacking Team released details as to how the exploit is triggered, noting a previous company leak had already resulted in the public disclosure of two zero-day vulnerabilities earlier last week.

A representative from social networking giant Facebook, a company known for its complaints about Flash vulnerabilities, was quick to call for the platform's demise.

"It is time for Adobe to announce the end-of-life date for Flash," Facebook's security chief Alex Stamos tweeted on Sunday.

Complaints about the vulnerability of Flash reach well into the past. Apple co-founder Steve Jobs wrote an open letter on the topic in 2010, calling out the platform's safety and mobile performance issues. The fact that Jobs called out the security problems with Flash helped add legitimacy to the number of complaints that had been building for years.

[Read about Adobe's latest Creative Cloud update.]

"Flash was created during the PC era -- for PCs and mice," Jobs wrote. "Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards -- all areas where Flash falls short."

Adobe lost a major proponent of Flash earlier this year when Google announced that YouTube, its ubiquitous video sharing Web site, would switch to HTML5 on all browsers, including Chrome, Internet Explorer, Safari, and Firefox.

Complaints about the platform extend beyond security concerns.

In June, Google announced it would intelligently pause content (like Flash animations) that aren't central to the Web page, while keeping central content playing without interruption, in an effort to reduce the drain on battery life.