Announcing the news, Mark Schmidt, Head of Firefox Support at Mozilla, said in a tweet, “BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now.” The company is also recommending that users disable the browser plugin.
On its support page, Mozilla notes, “Old versions of the Flash Player plugin have known vulnerabilities. All users are strongly recommended to check for updates on our plugin check page. The problematic add-on or plugin will be automatically disabled and no longer usable.”
The company went on to suggest that Mozilla will block any third-party plugin from general use once it becomes aware that the plugin is causing issues in the Firefox browser’s security or performance. “When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use,” it said.
In other news, Facebook’s new CSO (chief security officer) Alex Stamos took to Twitter to reveal his frustration about Adobe Flash, saying that it was time for Adobe to announce an end to the Flash service. He said, “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”
In a follow-up tweet, Stamos added, “Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”
A new vulnerability in Adobe Flash was discovered last week and the firm confirmed the existence of the problem and categorised it as “critical”. The vulnerability could result in attackers taking control of PCs and running malicious code.
To recall, the exploit was reportedly first discovered, but not made public, by Hacking Team, an Italian collective known for supplying electronic surveillance software to governments and other bodies around the world. An attack on Hacking Team by an anti-surveillance activist resulted in over 400GB of proprietary data being released to the general public, including information about the Adobe Flash vulnerability. By keeping it a secret, the company had been able to exploit it for its own gain. It is not known how long ago Hacking Team discovered it, how long the firm had been using it, or for what purposes.
Recently, a second dangerous vulnerability in Adobe Flash Player came to light from the Hacking Team data. Security firm FireEye reported the discovery to Adobe, which confirmed that it affected even the latest versions of Flash. Adobe classified it as critical but had only committed to releasing an update “during the week of July 12, 2015”.