Mozilla catches half of Firefox users running insecure Flash

Adobe's upgrade blues

More than half of all Firefox users ran an unsafe version of Adobe's Flash Player, according to statistics collected last week as users installed the latest release of the popular open-source browser.

Of the 6 million or so people who upgraded to either 3.5.3 or 3.0.14 of Firefox on its debut last Thursday, slightly more than 3 million of them were found to be running an outdated Flash version, according to Mozilla's Ken Kovash. Sadly, only about 35 percent of those informed they had an insecure installation clicked on a link to upgrade to the latest version.

That suggests that some 2 million Firefox users remained vulnerable to remote exploit attacks even after Mozilla presented them with a warning that said "your current version of Flash Player can cause security and stability issues" and added "you should update Adobe Flash Player right now."

A similar pattern has played out ever since, although the numbers in all three categories were smaller. Over that time, about 10 million users in all clicked on the link, which led to an update page on Adobe's website. The overall click-through rate was about 30 percent.

The statistics were gathered by counting the number of page impressions that are automatically generated when Firefox users install the latest version of the browser. As previously reported, the newest release began checking users' version of Flash and admonishing them to update if it was found to be out of date.

Over the past year, Adobe has faced harsh criticism for pumping out a steady stream of vulnerabilities in its ubiquitous Reader and Flash applications that have allowed criminals to surreptitiously install malware on end users' machines. In addition to poor quality control, much of the problem seems to rest with the difficulty administrators and average users alike have in making sure their computers are running the latest versions.

While a 30-percent click-through may seem small, Kovash said it represented a spike compared with the 5 percent of users who typically click such links.

Given that so many users can't rely on Adobe to help them stay up to date, it's nice to see Mozilla picking up the slack. The foundation plans to warn users when they have other out-of-date plugins, Mozilla's Johnathan Nightingale said here. ®

This article was updated to correct the number of users estimated to have remained vulnerable on the day the Firefox update was released.
