Homeless in Vancouver

Homeless in Vancouver: Firefox blocks Flash versions; Facebook says kill it

by Stanley Q. Woodvine on July 14th, 2015 at 2:02 PM
    1 of 1 2 of 1

      The Guardian website is reporting that all versions of the Adobe Flash Player have been banned from the Firefox web browser, and that Facebook’s head of security is calling for Adobe to kill off the bug-ridden plugin.

      While the report that Flash Player is dead to Firefox has been greatly exaggerated, it’s true that social media giant Facebook has added its voice to the growing calls to replace the aging and increasingly insecure multimedia enabler.

      The latest in a long line of last straws has come in the form of the July 5 server breach of Italian “security” company Hacking Team.

      In the hundreds of gigabytes of leaked Hacking Team data, explicit details of at least two more Flash Player security bugs have been found. It turns out that the “grey hat” seller of spyware and zero-day exploits to governments had uncovered the flaws and were secretly exploiting them for profit.

      And this only a week after Adobe was forced to rush out a security patch to the Flash Player on June 23 in order to address a buffer overflow bug being exploited by Chinese hackers against military and high technology companies.

      This “patching a sieve one hole at a time” must be taking a toll on Adobe.

      Computerworld’s Michael Horowitz keeps track of Flash updates and says that in the last 12 months, Adobe Flash Player has averaged two bug fixes every five days!

      Calling for an end to Flash Player’s reign of error

      On July 12, Alex Stamos, Facebook’s brand new Chief Security Officer, tweeted that Adobe should now set a date when it will cease developing the Flash Player plug-in for good and that all web browsers should be set to disable the plugin on that date.

      Stamos wants Adobe to set a hard and fast date in order to convince web developers that they must get off their collective butts and finally develop a complete replacement for all the multimedia capabilities currently provided by the 19-year-old Flash technology.

      And yesterday (July 13), the Mozilla Foundation blocked three more outdated versions of the Adobe Flash Player from being able to load in the Firefox web browser:

      Contrary to what the Guardian is reporting, Mozilla is not blocking every version of Adobe’s Flash plugin from running within its Firefox browser; just outdated versions known to be vulnerable to zero-day hacking exploits.

      This is not new. Mozilla has been blocking versions of the Flash Player that are known to be insecure for years now.

      Official Adobe Flash Player versions make up fully six percent of the 498 Firefox add-ons that Mozilla has blocked over the last seven years.

      Between April 16, 2008, and yesterday (July 13, 2015), Mozilla has placed 30 legitimate Adobe Flash Player versions on its blocklist

      If you include the 21 blocked add-ons that are not made by Adobe but are are out-and-out malware named “Flash Player”, then the total increases to 10.24 percent.

      As usual, desktop Internet users have few choices: uninstall the Flash Player and try to live without it or keep it updated and put it on a leash called click-to-play.

      Stanley Q. Woodvine is a homeless resident of Vancouver who has worked in the past as an illustrator, graphic designer, and writer. Follow Stanley on Twitter at @sqwabb.

      Comments