Mozilla Blocks Flash In Firefox To Protect Users Against Recent Zero-Day Vulnerabilities (Update: Flash Updated, Ban Lifted)
Recognizing how serious these vulnerabilities are, Mozilla's Head of Firefox Support, Mark Schmidt, announced that "all versions of Flash are blocked by default in Firefox as of now."
He also made it clear that the block is only temporarily until Adobe patches the vulnerabilities over the next few days. The change shouldn't give most users problems, as many video sites on the Web right now are powered by HTML5 technology. This includes major ones such as YouTube and Facebook.
There are a few places, such as restaurant websites for example, where Flash might still be used, so the content there won't load. If you need to visit such sites you can still enable Flash manually in Firefox with a single click on the "Activate Adobe Flash" message, which will appear on the blocked content. Therefore, the inconvenience caused to users should be minimal, while the company is also ensuring the maximum security for its users over the next few days until Adobe pushes out the appropriate updates.
Although the block is temporary, we may finally see browser vendors begin a more aggressive campaign for killing Flash sooner rather than later. Google recently announced that the next version of Chrome will block auto-playing Flash ads by default, and that was before the latest Flash zero-days were found in the Hacking Team data leak.
After Steve Jobs' permanent ban of Flash on the iOS platform, and then Adobe's surrender in making Flash work well on the Android platform, everyone knew that Flash is going to eventually die. It was always just a matter of how quickly that will happen.
Many would have expected Flash to be gone from the Web by now, but it managed to survive longer because HTML5 couldn't fully replace it for many years. Now, HTML5 is much more mature, and the days of Windows XP and obsolete Internet Explorer versions are over, which makes it much easier for developers to begin completely replacing Flash with HTML5 as their web development tool of choice.
Update, 7/15/15, 2:30pm PT: Mozilla posted an update on Twitter lifting the ban on Flash, re-enabling it by default, noting that Flash has been updated and the current security risks abated.
Follow us @tomshardware, on Facebook and on Google+.
And Jobs may have claimed he blocked Flash from iOS because of vulnerabilities and excessive power use, but the real reason was control. At the time, Apple prohibited all compilers and emulators from the App store. The only way you could run a program in iOS was by developing it using Apple's tools, and submitting it to the App store for their approval. Flash bypassed this control over their ecosystem. If you could install Flash in iOS, you could write your program in Flash, put it on a website, and browse the site with your iOS device to run your program. That broke Apple's monopoly on iOS executables, so they banned it. And their spin control department came up with reasons for the ban which didn't sound so selfish and authoritarian.
Steve wanted flash dead because of all the FREE games/apps it offered that would have taken a hit to the app store sales. No way around that.
It is a cat and mouse game and hackers will ALWAYS want in, not matter what browser or OS you use.
The more popular ones get hit first and more often so Windows/Internet explorer(its not like all users know about alternative browsers) will likely be a larger target, but with mobile devices soon(if not already. I know people that do not even use computers any more for the internet) to be the primary device for most users they will get just as much attention.
And Jobs may have claimed he blocked Flash from iOS because of vulnerabilities and excessive power use, but the real reason was control. At the time, Apple prohibited all compilers and emulators from the App store. The only way you could run a program in iOS was by developing it using Apple's tools, and submitting it to the App store for their approval. Flash bypassed this control over their ecosystem. If you could install Flash in iOS, you could write your program in Flash, put it on a website, and browse the site with your iOS device to run your program. That broke Apple's monopoly on iOS executables, so they banned it. And their spin control department came up with reasons for the ban which didn't sound so selfish and authoritarian.
One site I built a while back used to have an interactive map created in Flash, and when it was time to redesign it, the so-called "experts" insisted that we could do it just as well using Google Maps ... I was skeptical but went along with it. Well guess what, the Google Maps version was nothing like it and it sucked. "This is crap," I said, "what are our other options?" "There are no other options, you can't use Flash because of Apple, so this is it," they said. I told them I didn't care about Apple users, who made up about 2.75% of our audience, enough to design the whole site around them, but was shouted down. Garbage.
There was never anything wrong with Flash; it was as vulnerable and glitchy as any other widely used plugin, and the positives far outweighed any of that. As others have said, the campaign against it was all because of Steve Jobs (may he burn in hell) and his insistence on being a control freak. It's a shame so many people were dumb enough to fall for it.
*no, I'm not wishing Steve Jobs to burn in hell over Flash; that would be silly. He was just a jerk with a horrible mentality.
While Apple only has a small margin of the market, All cell phones/tablets(The quickly becoming primary device for surfing the internet if not already) do not support flash either.
I think some of the renewed GIF(something popular in the 90s due to the hardware most users had) craze is also to make mobile device playback more easy(strange since they all support at least basic mpeg4 video and that has better frame rates/colors and compression than GIF).
Also hating flash is rather popular on the internet.
That was kind of my point. The Kill-Flash movement isn't because there's anything wrong with it. It's because the drumbeat got going, and hating it became the default reaction "because it's old" or "because it's clunky" or any of a hundred other soundbites. Most people who are against Flash probably couldn't even articulate very clearly why they hate it - they hate it because they heard it from their friend Josh, or they read it on a snarky tech site, or they hate it just because.
In any case, now that Android compatibility has dried up, that turned it from cheerleading into a real problem, and now the reality is that it's being used less and less except for specialty purposes. It still puzzles me why that happened; the only explanation I can think of is that the Android developers all lemminged Apple, or listened to the cheerleading, and it became a self-fulfilling prophecy.
Dissenters such as journalists were helped track down to be tortured and killed in such places as Sudan thanks to zero day exploits in Flash being used by Hacker Team, is that not enough reason to hate flash? It's an easily exploitable security nightmare and every device that uses it is substantially less safe because of it.
To be fair, Flash was widely hated from the onset because web developers used it to make their website consistent on all displays. That was contradictory to the design of the web - the whole point of HTML is to transmit the important info (words, pics) to the browser in form that the browser can decide how to best display. i.e. If I want to compress the display so it'll fit in 800x600, or expand it to fill 1920x1080, I can resize the browser and the browser handles reflowing the text and pictures. If I don't like the font, the browser can change it. If I don't like the colors, the browser can override ithem You can't do that with flash websites - the formatting is determined by the site designer, not your browser.
I do agree with you about its artistic use. It is the best tool for that purpose I've seen.
Flash on Android was killed by Adobe itself. They stopped releasing updates for it and pulled it from the Play store. I used to keep a copy of it around in my TitaniumBackup backups, but so much time has passed without security patches I don't think it's worth the risk of installing it again.
The Dolphin browser supports flash. I don't normally use that browser, but I do keep a copy of it installed now for the occasional times I need to visit a flash website in Android.
Every computer system out there has zero-day exploits. If you're going to hate everything which has zero-day exploits, you need to become a Luddite and give up using computers.
Anyhow, Mozilla (and Google) blocked the vulnerable version of Flash from running on their browsers. Adobe has already released a new version which patches the vulnerability, and that version is allowed to run. This wasn't Mozilla taking some anti-flash stance like some in the press were trying to spin it. It was just the browser makers doing the prudent thing and preventing a vulnerable extension from running until it was fixed.
Unfortunately Flash still has its uses. There is no way to copy things to the clipboard that works consistently across browsers (admittedly it's debatable whether this is a good feature anyway).
Making it worse Adobe has gone nuts like everyone else with version numbers. So every couple of months Flash starts bugging you. Which is much more annoying when you manage a lot of computers.
Then they make the manual update more difficult. By making you go to the website, download an installer (remember not to add McAfee), then that installer has to download another installer. It's easy enough for me. But for many users this is a herculean effort.
Perhaps Firefox should just integrate Flash like Chrome and IE do.
I think until Flash is killed off, I use HTML mainly for Youtube and block most ads anyways, that all browser developers should be controlling the distribution of Flash for their browsers, like Microsoft does for IE and I believe Google does for Chrome.
It's pretty sad. Flash used to be viewed as a great flexible lighter weight tool for easily developing highly interactive web content. Adobe bloated it and only thinks of supporting it when bad press drops.