Mozilla To Protect Adobe Flash Users

← Back to Stories (view on slashdot.org)

Mozilla To Protect Adobe Flash Users

Posted by Soulskill on Saturday September 5, 2009 @01:17AM from the helping-those-who-don't-help-themselves dept.

juct writes "Beginning with versions 3.5.3 and 3.0.14 of Firefox, Mozilla is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to 'protect users from emerging threats online.' Just recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."

26 of 132 comments (clear)

Min score:

Reason:

Sort:

Guaranteed to work by Norsefire · 2009-09-05 01:17 · Score: 4, Insightful

"WARNING!! The version of Adobe Flash you are using is out of date and contains security holes, please upgrade by clicking here ..."
Oh dear, I don't understand what this means. Luckily my son, who got sick of me ringing him for computer help, told me what to do whenever I encounter a box I don't understand; click the X, or click cancel, or ignore. Now back to clicking on every ad I see.

Of course, that isn't likely to happen. It would be more like:

WARNING!! The version of Adobe Flash you are using is out of date and contains security holes, unfortunately you are using Internet Explorer so there is no warning.
1. Re:Guaranteed to work by RiotingPacifist · 2009-09-05 01:28 · Score: 4, Funny
  
  ctrl+shift+P FTW, that way nobody has every found out that i like gay midget donkey porn!
  
  --
  IranAir Flight 655 never forget!
2. Re:Guaranteed to work by Midnight+Thunder · 2009-09-05 01:53 · Score: 3, Interesting
  
  Oh I thought it should have been:
  "Warning: You are using Adobe Flash, are you sure this such as good idea? How about some nice Dynamic SVG?"
  
  --
  Jumpstart the tartan drive.
3. Re:Guaranteed to work by Hurricane78 · 2009-09-05 02:20 · Score: 3, Insightful
  
  You contradict yourself twice in that little paragraph. What point is it you are trying to make?? ^^
  I think they will simply click on that OK to upgrade, as they click on everything else. To support that, just make the cancel button look small, scary, not recommended, with a sick face and a burning computer on it, and make the OK button 80% of the rest of the dialog, and make it look like a "red cross love palace for health, safety and happiness".
  I'm serious!
  Also, here in Germany, most people use Firefox, you insensitive clod! :P
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
4. Re:Guaranteed to work by value_added · 2009-09-05 02:31 · Score: 2, Funny
  
  Oh dear, I don't understand what this means. Luckily my son, who got sick of me ringing him for computer help, told me what to do whenever I encounter a box I don't understand; click the X, or click cancel, or ignore. Now back to clicking on every ad I see.
  How the fuck does a post that consists of incoherent rambling get modded up?
  The above pseudo anecdote may have been funny if the fine article involved Firefox opening dialog boxes, but that's not the case. Either the OP either didn't read the article, or notice bit about the "landing page".
  I'd add that the unrelated comment about IE (a non sequitor, actually) is even less funny, but I can't figure out WTF he was trying to say. Or what any of it has to do with ... anything.
  Next up, an excerpt from a Beavis and Butthead script that gets modded both insightful and funny:
  Popup windows.
  You said popup.
  Ha ha ha.
  Just click the X stupid.
  Ha ha ha.
  Internet Explorer is teh suck.
  Ha ha ha.
5. Re:Guaranteed to work by Late+Adopter · 2009-09-05 02:41 · Score: 4, Funny
  
  "Warning: You are using Adobe Flash, are you sure this such as good idea? How about some nice Dynamic SVG?"
  That'd be great! Do you have any? This, ummm, isn't my website, you know. =P
6. Re:Guaranteed to work by thanasakis · 2009-09-05 03:01 · Score: 4, Insightful
  
  Have you ever actually tried writing some nice dynamic svg?
7. Re:Guaranteed to work by Dragonslicer · 2009-09-05 06:25 · Score: 4, Funny
  
  How the fuck does a post that consists of incoherent rambling get modded up?
  Um, this is Slashdot. You have been here before, right?
Presumably by drseuk · 2009-09-05 01:26 · Score: 5, Funny

the remaining 20% don't use Flash then?
Gnash? by the_one(2) · 2009-09-05 01:27 · Score: 2, Interesting

I admit i don't use flash very often because it's annoying and Adobe's flash plugin uses way to much CPU, but is it still needed? Gnash has worked for me every time I've tried it lately (admittedly mostly for youtube). Tried it now with a flash game and it seems to work.
1. Re:Gnash? by RiotingPacifist · 2009-09-05 02:44 · Score: 3, Interesting
  
  Switching is too much of a PITA, if gnash works for 70%+ of content and i could easily load adobe for the other 30% (new games etc), i would switch too! Unfortunatly on linux switching requires me to run a script and restart firefox. Ideally gnash could chainload adobe flash but the devs probably hate the idea of accepting partial defeat, unfortunatly until they do its too much of a PITA for day to day use!
  
  --
  IranAir Flight 655 never forget!
And Good For Them! by Toad-san · 2009-09-05 01:27 · Score: 4, Interesting

I've found replacements for Adobe Reader and Real player (Foxit and Real Alternative), but couldn't find a replacement for the Flash player (alas).
This is better than nothing. I have Flash (and all other scripts) turned off by default in my Firefox browser, but am still forced to use it to see some things.
Yeah, I know the troglodytes won't understand the warning, but it might give them the slightest clue that something's wrong.
Does flash not already do this? by RiotingPacifist · 2009-09-05 01:29 · Score: 2, Insightful

Doesn't flash already prompt you to upgrade from an old version?
if so how will this warning be more effective (unless they add an auto-update feature)?
if not, WTF ADOBE!!!

--
IranAir Flight 655 never forget!
1. Re:Does flash not already do this? by postmortem · 2009-09-05 01:44 · Score: 4, Informative
  
  It does, sometimes on system startup; however it only installs updated plugin for Internet Explorer.
2. Re:Does flash not already do this? by A+Friendly+Troll · 2009-09-05 02:25 · Score: 4, Informative
  
  I have never had Flash notify me that it needs an update. Ever. The only time I've seen the notification was on a single computer at the office.
  A few days ago I was given this link http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html - I think it was somewhere on Slashdot, either in the article, or in the comments. Sure enough, I went there, and Flash was set to never notify me of updates.
  Worth checking out.
3. Re:Does flash not already do this? by Sulphur · 2009-09-05 03:28 · Score: 3, Funny
  
  We are sorry, this page is designed to work with version 8 or greater. You are using version 10.
Automatic updates by chrisgeleven · 2009-09-05 01:53 · Score: 4, Interesting

I am really surprised browser makers aren't doing automatic updates for plugins like Flash. That is really the only way to keep them up-to-date.
1. Re:Automatic updates by robmv · 2009-09-05 05:25 · Score: 2, Informative
  
  ... because an XPI extension is written in XUL and/or Javascript, while a plugin is a compiled DLL that the browser loads up into its address space. they are two different things that work in different ways, even though they both add features to the browser. That's not to say that Flash couldn't be hosted on Mozilla's add-ons site, just that you are unlikely to see it in the form of an XPI file.
  Why some people always assume the person that is talking has no knowledge of what he or she is saying?, please take a look at Mozilla Extension reference and you will see that you can package plugins inside an XPI (/plugins/* reference on the exampleExt.xpi sample)
Yeah, I got that. by thePowerOfGrayskull · 2009-09-05 02:03 · Score: 5, Informative

Signed up for beta/testing FF updates. I get notified by FF that adobe is out of date. I click to install it. And lo! what installs? Not Flash... but some crappy Adobe Download Manager plugin whose sole purpose seems to be to download and install Adobe products. The Flash update did not ever download, even after FF restart.
Broke my own first rule on this one -- never download anything you're not 100% certain of - but it's still frustrating. If FF tells me it's taking me to install Flash, I think I should be able to trust that Flash is what I'm going to get.
swapping one exploit for another by Anonymous Coward · 2009-09-05 02:19 · Score: 3, Interesting

swap one exploit for another
http://www.google.com/search?hl=en&q=%22Adobe%20Download%20Manager%20%22%20exploit
wtf is wrong with Adobe ? whats wrong with just providing the plugin and nothing else ?
i should also rant at Sun for installing their fkin Yahoo toolbar/spyware accross our corporate network on every Java monthly update or installing their quickstarter/net assistant Firefox plugins without permission,then there is Apple with their forcing "Safari" (another exploit vector) as a pre-ticked update on their Quicktime updates WTF ? , google installing scheduled phone-home tasks every 15min with any bit of software they install
really just fuck off, fuck right off
is it any wonder with this despicable behaviour from major software companies with their "update" software is abused as a "install more crap" service that people dont update their plugins/software for fear of getting crap that they didn't ask for therefore exposing themselves to all these vulnerabilities or more if they do install it
perhaps when they get tagged as badware and spyware their behaviour might change
or maybe a good old million dollar class action lawsuit might
Re:Drunk the Kool-Aide by RiotingPacifist · 2009-09-05 02:46 · Score: 3, Funny

I'm sorry in future we will try and make all releases of software perfect and not release until we are 100% sure no vulnerability will ever be found
~the hurd team

--
IranAir Flight 655 never forget!
In the meantime... by MrNonchalant · 2009-09-05 02:59 · Score: 2, Informative

Here's a page that checks your Flash version and lists the latest version for the different browsers/operating systems: http://www.adobe.com/software/flash/about/
Version checking applications by Wowsers · 2009-09-05 03:02 · Score: 2, Insightful

I don't think it would go down too well if version checking was built into the current version of Skype for Linux.
"Dear Linux user, your version of Skype has not been updated for 2 1/2 years, there are no new updates planned, and x86_64 versions are out of the question. Please feel free to vent to eBay where they will helpfully file your comments in /dev/null.
Thank you for choosing Skype."

--
Take Nobody's Word For It.
upgrade? Why not block by IceFox · 2009-09-05 03:55 · Score: 2, Insightful

If the user doesn't upgrade does it disable the plugin?

--
Do you changes clothes while making the "chee-chee-cha-cha-choh" transformation sound?
Flash cookies too? by Pertain · 2009-09-05 09:08 · Score: 2, Insightful

And how about also dealing with the privacy/tracking issues associated with Flash? Flash has the ability to stores cookies (LSOs or Large Storage Objects) with impunity. Flash cookies can be auto-deleted using a Firefox addon called "BetterPrivacy" but it should be built in to the standard Firefox privacy feature.
Better yet, warn about any flash by Baloo+Uriza · 2009-09-05 14:09 · Score: 2, Interesting

"This site uses a Flash plugin, instead of accepted and open internet standards. Flash has no public source code, and thus no critical peer review. Software with no peer review is intrinsically a security threat to your system. Automatically send nastygram to webmaster?" [Yes] [Search Google for a competing site]

--
Furries make the internet go.