Security

This article is more than 1 year old

Thunder-faced Mozilla lifts Flash Firefox block after 0-days plugged

Browser maker backs search for 'safer and more stable' alternative – like its own

Thu 16 Jul 2015 // 12:43 UTC

Patching the web

While they might agree over the security response to active attacks, Adobe and Mozilla are not in tune when it comes to the future of streaming media technologies on the web.

We can see this by looking at Mozilla's work on an experimental Flash replacement technology called Shumway.

In a statement, Mozilla provided a more detailed explanation of its actions in temporarily blocking Flash, as well as reiterating its commitment to developing and supporting alternative technology.

We're glad Adobe has moved quickly to fix critical vulnerabilities in Flash. The latest Flash update is now enabled by default in Firefox. On Monday, 13 July, we disabled Flash by default in Firefox to protect our users from active exploits which were distributing malware.

This followed Adobe’s advisory for two critical vulnerabilities (CVE-2015-5122 and CVE-2015-5123) in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux.

We will continue to work with developers to encourage adoption of safer and more stable technologies, such as HTML5 and Javascript, and we look forward to helping drive that conversation.

The latest patch batch from Adobe, killing two Hacking Team vulnerabilities, follows another emergency fix for Flash earlier this month, also addressed problems exposed by the breach of the controversial Italian surveillance software firm.

Years ago, hackers used to plant malicious code on compromised websites that exploited browser vulnerabilities. These days, Flash and Java browser plug-ins have become the preferred vectors for banking trojan-slingers and spooks alike.

There have been 11 Flash updates this year alone, and six have come outside Adobe's regular patching cycle as emergency patches for zero-day flaws.

Earlier calls by security experts to ditch the technology are getting traction in the wider IT world. For example, this week Facebook's recently installed security chief, Alex Stamos, called for a timetable to kill off Flash. ®

Topics

Special Features

Vendor Voice

Resources

Security

Thunder-faced Mozilla lifts Flash Firefox block after 0-days plugged

Browser maker backs search for 'safer and more stable' alternative – like its own

Patching the web

More about

More about

Narrower topics

Broader topics

More about

More about

More about

Narrower topics

Broader topics

TIP US OFF

Other stories you might like

Got an unpatched LG 'smart' television? It could be watching you back

Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat

Industrial systems integrating digitalisation

Firefox 124 brings more slick moves for Mac and Android

Mozilla CEO quits, pushes pivot to data privacy champion... but what about Firefox?

Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy'

The most 2024 things to do are laying off staff and eyeing up AI – Mozilla's doing both

Mitchell Baker logs off for good as CEO of Firefox maker Mozilla

Firefox 122 gets even more competitive with Chrome on translation

Zoom stomps critical privilege escalation bug plus 6 other flaws

Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns

About Us

Our Websites

Your Privacy