Mozilla Kills Flash On Firefox As Adobe Rushes Patch - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
05:05 PM

Mozilla Kills Flash On Firefox As Adobe Rushes Patch

It's another nail in the coffin for Adobe's Flash platform as Mozilla disables it from running on the company's Firefox Web browser.

HTML5: 10 Tips That Will Change Your Life
HTML5: 10 Tips That Will Change Your Life
(Click image for larger view and slideshow.)

Mozilla, the developer behind Firefox, announced this week that it has disabled the ability of Adobe Flash -- the ubiquitous multimedia and software platform used for Internet and mobile apps, rich content, and animation -- from its Web browser.

Users can still re-activate the feature by selecting the option in Firefox's settings menu, but from now on Firefox's use of Flash has been automatically disabled.

"Some websites use Adobe Flash to display content. However, attackers can also use the security flaws in Flash to run malicious software on your computer and gain access to your system," a Mozilla blog posted warned. "One way to protect yourself is by disabling or removing Flash, but if your trusted websites require Flash, you can change your plugin settings so that Flash runs only when you click to activate it."

The occurrence of Flash exploits has spiked this month, starting on July 6 and continuing until July 9, according to a report from F-Secure.

Two of the exploits, CVE-2015-5122 and CVE-2015-5123, have yet to be patched. They arose after the first two exploits were successfully patched.

"There were already speculations that there seem to be strong connections between the actors behind the two exploits kits," a July 13 blog post from the company explained. "For example, both have used 'fileless' delivery of payload and even similar encryption methods."

(Image: Sasa Nikolic/iStockphoto)

(Image: Sasa Nikolic/iStockphoto)

After suffering through the criticism all weekend, Adobe published a July 14 blog post and security bulletin to address these concerns.

Much of this came to light on Friday, July 10, security firm FireEye's Hacking Team released details as to how the exploit is triggered, noting a previous company leak had already resulted in the public disclosure of two zero-day vulnerabilities earlier last week.

A representative from social networking giant Facebook, a company known for its complaints about Flash vulnerabilities, was quick to call for the platform's demise.

"It is time for Adobe to announce the end-of-life date for Flash," Facebook's security chief Alex Stamos tweeted on Sunday.

Complaints about the vulnerability of Flash reach well into the past. Apple co-founder Steve Jobs wrote an open letter on the topic in 2010, calling out the platform's safety and mobile performance issues. The fact that Jobs called out the security problems with Flash helped add legitimacy to the number of complaints that had been building for years.

[Read about Adobe's latest Creative Cloud update.]

"Flash was created during the PC era -- for PCs and mice," Jobs wrote. "Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards -- all areas where Flash falls short."

Adobe lost a major proponent of Flash earlier this year when Google announced that YouTube, its ubiquitous video sharing Web site, would switch to HTML5 on all browsers, including Chrome, Internet Explorer, Safari, and Firefox.

Complaints about the platform extend beyond security concerns.

In June, Google announced it would intelligently pause content (like Flash animations) that aren't central to the Web page, while keeping central content playing without interruption, in an effort to reduce the drain on battery life.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll