Mozilla Temporarily Blocks Flash By Default In Firefox Following Security Woes
In the wake of recent security threats that have come to light, Mozilla has made the decision to block Adobe Flash content by default on all versions of its Firefox browser. Mark Schmidt, head of Firefox support at Mozilla and CEO of SupportHacker, announced the change via Twitter on Monday, adding that this is a temporary thing.
"BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. To be clear, Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities," Schmidt said.
This has been a bad month for Adobe and its Flash software. A well known Italian hacking group called Hacking Team that sells software exploits to various governments was itself hacked last week, and among the 400GB of source code and other internal data that was stolen and leaked in the security breach were details on unpatched vulnerabilities in Adobe Flash.
"A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8," Adobe said at the time.
Then just yesterday, researchers discovered two more zero-day vulnerabilities in Adobe's Flash Player browser plugin. Just like the previous one, the securities came to light via a data dump of documents that were stolen from Hacking Team.
What's worrisome is that this could be just the beginning of many more zero-day vulnerabilities to come. It's not as though Adobe's Flash Player has a favorable history when it comes to security, and even if this is the last of the data dumps, Mozilla made the right move here since the latest threats are unpatched.
"BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. To be clear, Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities," Schmidt said.
This has been a bad month for Adobe and its Flash software. A well known Italian hacking group called Hacking Team that sells software exploits to various governments was itself hacked last week, and among the 400GB of source code and other internal data that was stolen and leaked in the security breach were details on unpatched vulnerabilities in Adobe Flash.
"A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8," Adobe said at the time.
Then just yesterday, researchers discovered two more zero-day vulnerabilities in Adobe's Flash Player browser plugin. Just like the previous one, the securities came to light via a data dump of documents that were stolen from Hacking Team.
What's worrisome is that this could be just the beginning of many more zero-day vulnerabilities to come. It's not as though Adobe's Flash Player has a favorable history when it comes to security, and even if this is the last of the data dumps, Mozilla made the right move here since the latest threats are unpatched.
