Mozilla To Protect Adobe Flash Users

juct writes "Beginning with versions 3.5.3 and 3.0.14 of Firefox, Mozilla is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to 'protect users from emerging threats online.' Just recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."

Gnash?

[the_one(2)]

I admit i don't use flash very often because it's annoying and Adobe's flash plugin uses way to much CPU, but is it still needed? Gnash has worked for me every time I've tried it lately (admittedly mostly for youtube). Tried it now with a flash game and it seems to work.

Re:Gnash?

[RiotingPacifist]

Switching is too much of a PITA, if gnash works for 70%+ of content and i could easily load adobe for the other 30% (new games etc), i would switch too! Unfortunatly on linux switching requires me to run a script and restart firefox. Ideally gnash could chainload adobe flash but the devs probably hate the idea of accepting partial defeat, unfortunatly until they do its too much of a PITA for day to day use!

And Good For Them!

[Toad-san]

I've found replacements for Adobe Reader and Real player (Foxit and Real Alternative), but couldn't find a replacement for the Flash player (alas).

This is better than nothing. I have Flash (and all other scripts) turned off by default in my Firefox browser, but am still forced to use it to see some things.

Yeah, I know the troglodytes won't understand the warning, but it might give them the slightest clue that something's wrong.

Solving the wrong problem

The real problem is all those web sites that you have to use but are completely useless when flash is disabled. What firefox should be doing is sending an email to the web site administrator (it is the semantic web, is it not?) telling them to not rely on flash. Even better is if nobody even used the cruft, but dreaming of that is going from na-na land to someplace even more remote.

Re:Guaranteed to work

[Midnight+Thunder]

Oh I thought it should have been:

"Warning: You are using Adobe Flash, are you sure this such as good idea? How about some nice Dynamic SVG?"

Automatic updates

[chrisgeleven]

I am really surprised browser makers aren't doing automatic updates for plugins like Flash. That is really the only way to keep them up-to-date.

swapping one exploit for another

swap one exploit for another
http://www.google.com/search?hl=en&q=%22Adobe%20Download%20Manager%20%22%20exploit

wtf is wrong with Adobe ? whats wrong with just providing the plugin and nothing else ?
i should also rant at Sun for installing their fkin Yahoo toolbar/spyware accross our corporate network on every Java monthly update or installing their quickstarter/net assistant Firefox plugins without permission,then there is Apple with their forcing "Safari" (another exploit vector) as a pre-ticked update on their Quicktime updates WTF ? , google installing scheduled phone-home tasks every 15min with any bit of software they install
really just fuck off, fuck right off

is it any wonder with this despicable behaviour from major software companies with their "update" software is abused as a "install more crap" service that people dont update their plugins/software for fear of getting crap that they didn't ask for therefore exposing themselves to all these vulnerabilities or more if they do install it

perhaps when they get tagged as badware and spyware their behaviour might change
or maybe a good old million dollar class action lawsuit might

Better yet, warn about any flash

[Baloo+Uriza]

"This site uses a Flash plugin, instead of accepted and open internet standards. Flash has no public source code, and thus no critical peer review. Software with no peer review is intrinsically a security threat to your system. Automatically send nastygram to webmaster?" [Yes] [Search Google for a competing site]