Slashdot Mirror


New Default: Mozilla Temporarily Disables Flash In Firefox

Trailrunner7 writes with news that "Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox." Two flaws that came to light from the recent document dump from Hacking Team could be used by an attacker to gain remote code execution. From Threatpost's article: "One of the flaws is in ActionScript 3 while the other is in the BitmapData component of Flash. Exploits for these vulnerabilities were found in the data taken from HackingTeam in the attack disclosed last week. An exploit for one of the Flash vulnerabilities, the one in ActionScript 3, has been integrated into the Angler exploit kit already and there's a module for it in the Metasploit Framework, as well." Reader Mickeycaskill adds a link to TechWeek Europe's article, which says these are the 37th and 38th flaws found in Flash so far this month, and that the development "is a blow for Flash after Alex Stamos, Facebook's new chief security officer, urged Adobe to set an 'end of life' date for the much-maligned software."

3 of 199 comments

  1. Re:We need Flash, because it is easy to block by gstoddart · Score: 4, Interesting

    You got modded funny, but I tend to agree.

    If the crap that Flash does is part of the HTML 5 spec, I really do worry we won't be able to block it quite so readily.

    In which case the browsers become even less secure. That will be a bad thing.

    --
    Lost at C:>. Found at C.
  2. Re:Isn't Flash extinct? by gstoddart · Score: 3, Interesting

    It's one of the 3 browsers I keep open all the time.

    I don't give a damn about any of their new features. But it's the one which is set to not run any JavaScript ever or accept cookies and has the most locked down settings.

    It's my "I don't trust you" browser.

    --
    Lost at C:>. Found at C.
  3. Re:Isn't Flash extinct? by LocalH · Score: 3, Interesting

    When Jobs made the decision to disallow Flash on the iPhone, there were no third-party apps. Period. There wasn't even a jailbreak, since he made the decision prior to the release of the original iPhone. So, his decision had nothing to do with the App Store, since it didn't exist.

    --
    FC Closer