A ComputerWorld story explains that Mozilla has taken the unusual step of blocking all Flash after the announcement of the third 'zero-day' vulnerability in the last few days. It is possible to override the block by user selection for a single flash link or for all links. The block is in force even if Flash player has been updated since the first vulnerability was announced.
Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.
Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.
After reading the block warning, Firefox users can still run Flash content by authorizing the plug-in's operation. Since then a third Flash zero-day has cropped up.
Neither the second or the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.
(Score: 2) by panachocala on Tuesday July 14 2015, @10:48PM
I wish Firefox devs would consider that some of us already block Flash by default. Therefore when they hardcode another block in Firefox, it takes a while to figure out how to disable it. It's redundant redundancy. Also, if someone would tell pogo.com to stop rejecting out of date Flash versions that would be great. Basically they're saying: we won't let you run your version of Flash because we may pose a security risk to you. Pout.
Flash is bad for security okay we get it - but it's manageable with Flashblock. The intentional breakage 'for your own good' is what really fucks everyone over.
(Score: 2) by hash14 on Tuesday July 14 2015, @11:24PM
What service does Mozilla use to update which versions that are out of date? Is it possible to block it?
(Score: 2) by wantkitteh on Wednesday July 15 2015, @08:44AM
While I agree that forcing a blockage on Flash may be inconvenient for some, I would have thought it's fairly obvious that this is an emergency move. The whole point of something being defined as an emergency is that you simply don't have the tools and resources at hand to fix the issue gracefully. So they clobbered Flash - between a few million people being at major risk of being cracked and a few thousand people moaning that they already blocked something, it's not hard to see which is better for society. I can't say I'm thrilled about they way they did it either, would have been nice if they'd told anyone about it - explains why I've been having such major problems firing up Twitch streams for the last few days.