Firefox now blocks all versions of Flash Player by default

[Batu69]

In the wake of two new zero-day flaws in Flash Player, Mozilla has disabled the plugin for all versions of its Firefox browser.

Mozilla's support team has made the dramatic but justified decision to block all versions of Flash Player from Firefox until Adobe releases a patch.

The block, announced by head of Firefox support Mark Schmidt, comes in response to the recent discovery of two critical zero-day flaws in Flash Player.

"BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now," Schmidt tweeted. He added a link to Firefox's add-ons page which details that the Flash Player Plugin 18.0.0.203 (the most current and vulnerable version) has been blocked for users' protection.

The tweet was a little overly dramatic given that the move is only a stop-gap measure until Adobe releases a fix for the bugs.

To clarify the matter, Schmidt later added: "Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities."

Adobe has promised patches for the two flaws, but the patches are yet to arrive. Security experts fear that hackers are already working to integrate attacks for the bug into exploit kits.

The two Flash Player bugs were discovered by security researchers sifting through the 400GB of data from Italian surveillance software vendor Hacking Team which was leaked online last week.

Adobe has already published a patch for an earlier Flash bug, discovered last week in the Hacking Team's files, which formed part of its law enforcement product Remote Control System or 'Galileo'. That flaw was integrated into several exploit kits within hours of its discovery.

Due to the new Flash flaws, Facebook's chief security officer Alex Stamos this week called on Adobe to kill off Flash, which remains one of the most popular targets for hackers thanks its ubiquity on desktops.

Trend Micro, one of the firms that discovered one of the latest bugs, cautioned users to disable Flash until Adobe releases a patch. Trend Micro noted this week that, unlike the first of the three Flash flaws from Hacking Team's files, the two most recent bugs have not been seen in active attacks and have not been integrated into exploit kits.

Source

[software182]

same story, different source

//www.nsaneforums.com/topic/248510-after-facebook-called-for-its-death-now-firefox-is-blocking-flash-by-default/

[dcs18]

"BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now," Schmidt tweeted. He added a link to Firefox's add-ons page which details that the Flash Player Plugin 18.0.0.203 (the most current and vulnerable version) has been blocked for users' protection.

The most current Flash Player Plugin is 18.0.0.209.

[banned]

I just went to a trusted site requiring Flash. It loaded just fine with 18.0.0.203.

Besides, I don't need Firefox to play baby-sitter..

The most current Flash Player Plugin is 18.0.0.209.

Saw it on the front page earlier, thanks. Haven't updated yet.

[TheRuan]

Funny, my Firefox is up to date and it ISN'T blocking flash player at all, just did a recheck on updates, nothing changed, ran a flash game here with no prompts at all.

Maybe they will put on next update, i'm running version 39.

EDIT: After about half an hour it did request me to allow or update the plugin.