New Default: Mozilla Temporarily Disables Flash In Firefox

Trailrunner7 writes with news that "Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox." Two flaws that came to light from the recent document dump from Hacking Team could be used by an attacker to gain remote code execution. From Threatpost's article: One of the flaws is in Action Script 3 while the other is in the BitMapData component of Flash. Exploits for these vulnerabilities were found in the data taken from HackingTeam in the attack disclosed last week. An exploit for one of the Flash vulnerabilities, the one in ActionScript 3, has been integrated into the Angler exploit kit already and there's a module for it in the Metasploit Framework, as well. Reader Mickeycaskill adds a link to TechWeek Europe's article, which says these are the 37th and 38th flaws found in Flash so far this month, and that the development "is a blow for Flash after Alex Stamos, Facebook's new chief security officer, urged Adobe to set an 'end of life' date for the much-maligned software."

Isn't Flash extinct?

[I+prefer+not+to+say]

Are there any sites that still use Flash to serve useful web content?

Re:Isn't Flash extinct?

Why would you think Flash is terrible for privacy?

Evercookies, access to your mic and camera without telling you, and countless exploits, and escaping the plugin to access your machine .. honestly, if you don't know the history if the shit pile which is Flash, that's you're fucking problem for being stupid.

If you are unaware of the 15+ year history of why Flash is, and has always been garbage ... google it.

It has never NOT been a security hole.

Re:Isn't Flash extinct?

[Stewie241]

Yes, that was the narrative at the time - 'they are taking away our freedom'. In hindsight, even though I probably would have heavily criticized Apple for the move, and would have pointed to it as a reason to choose Android, the reality of the situation was, at least in my experience, that Flash on Android was a rather shitty experience that never really worked that well. And while it seemed arrogant and annoying that Steve Jobs tried to use his sway to annihilate Flash as a platform, I now believe that it was for the best. Flash has a heavy impact on battery life, is generally a lot slower, and is generally less secure than native alternatives.

So, yes, Apple made a seemingly arrogant move and exiled Flash from the iOS platform, but in the long run this drove development toward alternatives and pushed web developers to use technologies that were more mobile friendly (like using HTML for your content instead of some flash application) and I think the overall net effect for the web community has been positive.

Re:Isn't Flash extinct?

I care about none of those things.

Oh well we dont need it then.

I seriously can't believe how self-involved and ignorant some people on here are. People like you are why the stereotype of anti-social, geek basement dwellers is proliferated, you define it.

We need Flash, because it is easy to block

[sinij]

We need Flash because it is easy to block. You can remove a huge chunk of Web obnoxiousness by simply disabling/uninstalling Flash while not breaking the rest of the website. With HTML5, this won't be as straight-forward process.

Re:We need Flash, because it is easy to block

I disagree. There will still be third-party plugins to do this, plus now you get the option to easily roll your own. For example, on slashdot I have a plugin that runs :

$('video').empty().remove();

plus several other scripts to re-display content in a manner of my choosing.

Chrome

Won't this just cause frustrated users to switch to Chrome or another browser, further further hurting Mozilla's market share? Recently I went to a flash web site, it didn't work, so I booted up Chrome.

Re:Chrome

[myowntrueself]

Won't this just cause frustrated users to switch to Chrome or another browser, further further hurting Mozilla's market share? Recently I went to a flash web site, it didn't work, so I booted up Chrome.

Yes, now you need 2 browsers; chrome and firefox.

Chrome for flash and Firefox for java.