[SOLVED} Firefox Now Blocks All Versions Of Flash Player By Default

Discussion in 'Android Tablet News Depot' started by Spider, Jul 14, 2015.

  1. Spider

    Spider Administrator Staff Member

    Joined:
    Mar 24, 2011
    Messages:
    15,413
    Likes Received:
    1,784
    Trophy Points:
    1,000
    Location:
    Chicago, IL
    Tablet / Device:
    NOOK Tablet Stock NOOKcolor Rooted/Flashed Nexus 7 (2013) 32GB Stock
    In the wake of two new zero-day flaws in Flash Player, Mozilla has disabled the plugin for all versions of its Firefox browser.

    [​IMG] By Liam Tung | July 14, 2015 -- 09:02 GMT (02:02 PDT) |

    Mozilla's support team has made the dramatic but justified decision to block all versions of Flash Player from Firefox until Adobe releases a patch.

    The block, announced by head of Firefox support Mark Schmidt, comes in response to the recent discovery of two critical zero-day flaws in Flash Player.

    "BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now," Schmidt tweeted. He added a link to Firefox's add-ons page which details that the Flash Player Plugin 18.0.0.203 (the most current and vulnerable version) has been blocked for users' protection.

    The tweet was a little overly dramatic given that the move is only a stop-gap measure until Adobe releases a fix for the bugs.

    To clarify the matter, Schmidt later added: "Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities."

    Adobe has promised patches for the two flaws, but the patches are yet to arrive. Security experts fear that hackers are already working to integrate attacks for the bug into exploit kits, which has already happened for one of the two new flaws.

    The two Flash Player bugs (CVE-2015-5122 and CVE-2015-5123) were discovered by security researchers sifting through the 400GB of data from Italian surveillance software vendor Hacking Team which was leaked online last week.

    Adobe has already published a patch for an earlier Flash bug, discovered last week in the Hacking Team's files, which formed part of its law enforcement product Remote Control System or 'Galileo'. That flaw was integrated into several exploit kits within hours of its discovery.

    Due to the new Flash flaws, Facebook's chief security officer Alex Stamos this week called on Adobe to kill off Flash, which remains one of the most popular targets for hackers thanks its ubiquity on desktops.

    Trend Micro, one of the firms that discovered one of the latest bugs, cautioned users to disable Flash until Adobe releases a patch. Trend Micro noted earlier this week that, unlike the first of the three Flash flaws from Hacking Team's files, the two most recent bugs have not been seen in active attacks and have not been integrated into exploit kits. However, that status changed after security researcher Kafeine discovered several exploits kits had bundled attacks for CVE-2015-5122 into their kits.
     
  2. leeshor

    leeshor Senior Member

    Joined:
    Dec 27, 2011
    Messages:
    6,331
    Likes Received:
    1,037
    Trophy Points:
    700
    Location:
    Norcross, GA
    Tablet / Device:
    Samsung Galaxy Tab S 10.5
    Version 209 is out and eliminates the problem.
    https://get.adobe.com/flashplayer/ If you use Firefox to go to that download page it will default to the Firefox, (non ActiveX) version.
     
    • Like Like x 1
  3. Spider

    Spider Administrator Staff Member

    Joined:
    Mar 24, 2011
    Messages:
    15,413
    Likes Received:
    1,784
    Trophy Points:
    1,000
    Location:
    Chicago, IL
    Tablet / Device:
    NOOK Tablet Stock NOOKcolor Rooted/Flashed Nexus 7 (2013) 32GB Stock
    Updated to 209 and the Firefox message disappeared.:)
     

Share This Page