Feeds

Mozilla catches half of Firefox users running insecure Flash

Adobe's upgrade blues

Beginner's guide to SSL certificates

More than half of all Firefox users ran an unsafe version of Adobe's Flash Player, according to statistics collected last week as users installed the latest release of the popular open-source browser.

Of the 6 million or so people who upgraded to either 3.5.3 or 3.0.14 of Firefox on its debut last Thursday, slightly more than 3 million of them were found to be running an outdated Flash version, according to Mozilla's Ken Kovash. Sadly, only about 35 percent of those informed they had an insecure installation clicked on a link to upgrade to the latest version.

That suggests that some 2 million Firefox users remained vulnerable to remote exploit attacks even after Mozilla presented them with a warning that said "your current version of Flash Player can cause security and stability issues" and added "you should update Adobe Flash Player right now."

A similar pattern has played out ever since, although the numbers in all three categories were smaller. Over that time, about 10 million users in all clicked on the link, which led to an update page on Adobe's website. The overall click-through rate was about 30 percent.

The statistics were gathered by counting the number of page impressions that are automatically generated when Firefox users install the latest version of the browser. As previously reported, the newest release began checking users' version of Flash and admonishing them to update if it was found to be out of date.

Over the past year, Adobe has faced harsh criticism for pumping out a steady stream of vulnerabilities in its ubiquitous Reader and Flash applications that have allowed criminals to surreptitiously install malware on end users' machines. In addition to poor quality control, much of the problem seems to rest with the difficulty administrators and average users alike have in making sure their computers are running the latest versions.

While a 30-percent click-through may seem small, Kovash said it represented a spike compared with the 5 percent of users who typically click such links.

Given that so many users can't rely on Adobe to help them stay up to date, it's nice to see Mozilla picking up the slack. The foundation plans to warn users when they have other out-of-date plugins, Mozilla's Johnathan Nightingale said here. ®

This article was updated to correct the number of users estimated to have remained vulnerable on the day the Firefox update was released.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.