A ComputerWorld story explains that Mozilla has taken the unusual step of blocking all Flash after the announcement of the third 'zero-day' vulnerability in the last few days. It is possible to override the block by user selection for a single Flash link or for all links. The block is in force even if Flash Player has been updated since the first vulnerability was announced.
Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.
Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.
After reading the block warning, Firefox users can still run Flash content by authorizing the plug-in's operation. Since then a third Flash zero-day has cropped up.
Neither the second nor the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.
(Score: 3, Informative) by WillR on Tuesday July 14 2015, @09:24PM
About Flash: Another Flash 0-day? Must be a day that ends in Y again.
Or about Mozilla: I guess blocking all versions of the Flash plugin is an easier way to kill it off than making YouTube's HD HTML5 player work without dorking around in about:config.
decisions, decisions...
(Score: 0) by Anonymous Coward on Wednesday July 15 2015, @04:16AM
Adobe are the conflicted ones, always have been.
10,000 credits for Photoshop (at least up to version CS5)
-1.0 x 10^2^16 credits for PDF and its spyware reader and ongoing security issues
-1.0 x 10^2^googol credits for Flash in all its forms
So in the balance of the equation, Adobe is going to Hell, a giant hole of boiling lava should already have opened up under their HQ - seems overdue.