A ComputerWorld story explains that Mozilla has taken the unusual step of blocking all Flash after the announcement of the third 'zero-day' vulnerability in the last few days. It is possible to override the block by user selection for a single flash link or for all links. The block is in force even if Flash player has been updated since the first vulnerability was announced.
Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.
Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.
After reading the block warning, Firefox users can still run Flash content by authorizing the plug-in's operation. Since then a third Flash zero-day has cropped up.
Neither the second or the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.
(Score: 3, Informative) by Anonymous Coward on Tuesday July 14 2015, @07:52PM
The latest version is allowed. The version that came out today that fixes those bugs.
Given that set it to only load when you allow it. Either thru the use of a plugin or ask to activate.
Be careful the flash installer switches 'ask to activate' back to always in firefox.
(Score: -1, Troll) by Anonymous Coward on Tuesday July 14 2015, @08:14PM
Who gives a fucking fuck? Mozilla is for dinosaurs, gramps.
(Score: 1) by mucsdnop on Tuesday July 14 2015, @08:51PM
I can see someone has high hopes for the Microsoft Edge browser.
(Score: 2) by Nerdfest on Tuesday July 14 2015, @08:54PM
It's a great name though. Heck, even though using IE were living on the edge for years.
(Score: 0) by Anonymous Coward on Tuesday July 14 2015, @09:40PM
I'm edgy, dude! Old folks can't touch me. I'll cut ya!
(Score: 3, Informative) by Pino P on Wednesday July 15 2015, @02:22AM
The version that came out today that fixes those bugs.
No version of Flash Player for Linux came out today. Only Flash Player for Windows, Flash Player for OS X, and Flash Player for Google Chrome were updated. I just did sudo apt-get install --reinstall flashplugin-installer five minutes ago, and it's still on the vulnerable 11.2.202.481. The security bulletin [adobe.com] states: "Adobe will provide an update for Flash Player for Linux during the week of July 12. The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates."
(Score: 0) by Anonymous Coward on Wednesday July 15 2015, @04:21PM
http://www.phoronix.com/scan.php?page=news_item&px=Adobe-Flash-Hacking-Team [phoronix.com]
You only had to wait 1 day for something you probably should disable most of the time anyway....
(Score: 2) by captain normal on Wednesday July 15 2015, @06:03AM
It is not only Mozilla. Same thing with chromium browsers (chrome and dragon).
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--