
SoylentNews is people

posted by janrinok on Tuesday July 14 2015, @07:49PM
from the this-might-make-adobe-think dept.

A ComputerWorld story explains that Mozilla has taken the unusual step of blocking all Flash after the announcement of the third 'zero-day' vulnerability in the last few days. It is possible to override the block by user selection for a single Flash link or for all links. The block is in force even if Flash Player has been updated since the first vulnerability was announced.

Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.

Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.

After reading the block warning, Firefox users can still run Flash content by authorizing the plug-in's operation. Since then a third Flash zero-day has cropped up.

Neither the second nor the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.

 
This discussion has been archived. No new comments can be posted.
  • (Score: 4, Insightful) by Grishnakh on Wednesday July 15 2015, @01:41AM

    by Grishnakh (2831) on Wednesday July 15 2015, @01:41AM (#209168)

    Why would open sourcing it fix anything at all? You seem to be assuming a bunch of top-notch programmers are going to take it upon themselves to do security audits of Adobe's code, for free. Why would they do that? Anyone who was really interested in volunteering for such a project would already be working on Gnash, but look how dead that project is.

    It's simple: FOSS programmers don't want to waste their time with a dying technology, which is what Flash is. This doesn't mean that people aren't willing to work on projects for free, but Flash just isn't one of them.

    The only fix for this problem is for the browsers to all block Flash, so that stupid website operators who still use it are forced to fix their sites. In this age of HTML5, there is simply no reason at all to use Flash.

  • (Score: 1) by Pino P on Wednesday July 15 2015, @02:25AM

    by Pino P (4721) on Wednesday July 15 2015, @02:25AM (#209175) Journal

    > The only fix for this problem is for the browsers to all block Flash, so that stupid website operators who still use it are forced to fix their sites.

    How would (say) Newgrounds go about fixing its site?

    > In this age of HTML5, there is simply no reason at all to use Flash.

    With one exception: to play legacy SWFs that don't work well in Shumway, Mozilla's Flash Player clone written in JavaScript.

    • (Score: 2) by Grishnakh on Thursday July 16 2015, @01:44AM

      by Grishnakh (2831) on Thursday July 16 2015, @01:44AM (#209739)

      I'm not sure what to tell you about Newsgrounds, other than that they need to fix their site (assuming you're talking about "newsgrounds.com"). I just went there and got a blank page.

      Of course, if their page is powered by Flash, I'm using the latest Firefox which blocks it, so that would explain it. But again, that's their problem. Basing your whole web business on some bloated, bug-filled, proprietary POS instead of regular HTML is a recipe for disaster.

      • (Score: 1) by Pino P on Thursday July 16 2015, @07:40PM

        by Pino P (4721) on Thursday July 16 2015, @07:40PM (#210124) Journal

        That's Newgrounds [newgrounds.com] (one S), not Newsgrounds (two S's). It's like YouTube, except for SWF vector animations and games instead of pixel-based video.

  • (Score: 0) by Anonymous Coward on Wednesday July 15 2015, @03:24AM

    by Anonymous Coward on Wednesday July 15 2015, @03:24AM (#209193)

    > Why would open sourcing it fix anything at all? You seem to be assuming a bunch of top-notch programmers are going to take it upon themselves to do security audits of Adobe's code, for free. Why would they do that?

    Isn't that "strength" basically the sole reason for using anything open source? Are you saying that "many eyes" line people always use to explain how open source is infinitely superior to everything is a lie?

    • (Score: 0) by Anonymous Coward on Wednesday July 15 2015, @10:10AM

      by Anonymous Coward on Wednesday July 15 2015, @10:10AM (#209284)

      > Isn't that "strength" basically the sole reason for using anything open source?

      No. Richard M. Stallman uses a GNU/Linux operating system, [stallman.org] but I'm pretty sure the reason that he does is not that so many people look for bugs in the Linux kernel.