Announcement

Collapse
No announcement yet.

Mozilla Temporarily Disables Flash In Firefox

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mozilla Temporarily Disables Flash In Firefox

    Posted by timothy

    Trailrunner7 writes with news that "Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox." Two flaws that came to light from the recent document dump from Hacking Team could be used by an attacker to gain remote code execution. From Threatpost's article:

    One of the flaws is in Action Script 3 while the other is in the BitMapData component of Flash. Exploits for these vulnerabilities were found in the data taken from HackingTeam in the attack disclosed last week. An exploit for one of the Flash vulnerabilities, the one in ActionScript 3, has been integrated into the Angler exploit kit already and there's a module for it in the Metasploit Framework, as well.

    Reader Mickeycaskill adds a link to TechWeek Europe's article, which says these are the 37th and 38th flaws found in Flash so far this month, and that the development "is a blow for Flash after Alex Stamos, Facebook's new chief security officer, urged Adobe to set an 'end of life' date for the much-maligned software."
    The Hackmaster

  • #2
    Yeah, facebook games aren't working anymore. You have to enable flash for each one.

    Comment


    • #3
      This is not new Mozilla has been disabling Flash plugin(s) due exploitations since 2008
      lee4 Does Not Accept Codes Requests !
      When lee4 asks a question it does not mean lee4 will look at your game
      *How to create and use SegaCD codes >click here<*
      >)

      Comment


      • #4
        It's new. About a year ago I was playing facebook games without pressing enable buttons. Now you gotta press enable buttons to use them.

        Comment


        • #5
          that done by noscript addon, facebook site and plugin preferences in web broswer to stop flash from loading until click on it.

          which nothing do with moziilla disabling flash, when flash is disabled the site would said flash is not install.
          lee4 Does Not Accept Codes Requests !
          When lee4 asks a question it does not mean lee4 will look at your game
          *How to create and use SegaCD codes >click here<*
          >)

          Comment


          • #6
            The Agonizingly Slow Decline of Adobe's Flash Player

            Despite industry wide calls for Flash’s demise, lots of major websites still use the aging browser plug in. And they won’t explain why.

            By Jared Newman

            This story on Adobe Flash was supposed to turn out a bit differently.

            The idea was to talk with some of the biggest websites still using Adobe's browser plugin, which has fallen out of favor within tech circles for its constant security issues and thirst for system resources. Maybe they could explain why Flash is still necessary, offering a counterpoint to the resounding calls to end its existence.

            Instead, most of the proprietors of Flash-reliant websites I contacted didn’t want to talk at all. HBO, NBC, CBS, Zynga, King, Showtime, Pandora, and Spotify—all of which require Flash on their desktop sites—declined to comment. Major League Baseball, Slacker Radio, Hulu, and the BBC didn’t respond to inquiries.

            My attempted survey wasn’t a total failure. Among the sites that were willing to talk, all of them are planning to move beyond Flash Player within a year or so. But even if the era of Flash is winding down, it will be a while until it's completely wiped from the web.



            What’s Wrong With Flash

            If you need an explainer on why Adobe Flash Player must go, the best resource remains a five year old essay by Steve Jobs. At the time, Jobs was merely explaining why Flash would never show up on iPhones and iPads. But today much of the 1,700-word missive serves as take down of the technology as a whole, applying just as well to laptops and desktop PC's.

            Security, for instance, remains a major concern, with new exploits popping up on a regular basis. In one recent example, hackers were even able to break through the sand-boxing that’s meant to minimize vulnerabilities in Google Chrome. Flash is also a notorious resource hog, which is a problem as laptops become thinner, lighter, and more reliant on power efficiency for long battery life.

            All of this has brought calls to kill Flash to a fever pitch, not just on mobile devices, but everywhere. Alex Stamos, Facebook’s chief security officer, wrote on Twitter last month that Adobe should set a firm end-of-life date for the plugin. Meanwhile, an "Occupy Flash" website has popped up, urging users to uninstall Flash and asking developers to use alternative technologies such as HTML5.


            The Occupy Flash site wants to hasten Flash's demise.

            These days, it is easier to browse the web Flash-free. Many sites have moved away from Flash for animations and graphics, and web browsers’ widespread adoption of digital-rights management for HTML5 has allowed major video and music sites to leave Flash Player behind. Netflix and YouTube both work without Flash, as do Google Play Music and Rdio. Amazon also started rolling out an HTML5 player last month.

            Still, a mass exodus or firm cutoff for Flash would be easier said than done.


            Flash: still required all over the web

            Moving Beyond Flash

            Despite the pressure from tech circles, the sites I spoke with said they simply weren’t able to start moving away from Flash until recently, when better technology become available. And even now, it’s going to take time for them to finish building the necessary tools.

            "Originally, Flash was necessary to solve a couple problems," says Adam Denenberg, chief technical officer for streaming music service iHeartRadio. "Streaming was difficult, especially for live stations, and there were no real http-supported streaming protocols that offered the flexibility of what was required a few years back."

            While Denenberg says there’s not much reason to deploy a new Flash-based streaming solution at this point, iHeartRadio still needs time to make the transition from its existing platform. The company already uses HTTP Live Streaming for its own online radio stations, but some of its third-party broadcasters still rely on Flash. An internal project is under way to convert those sources to HTTP Live Streaming on the fly, and the company also has to finish rebuilding its own media player in HTML5. All told, iHeartRadio hopes to be completely Flash-free by the end of the year.

            Autodesk, meanwhile, is wading in slowly with an HTML5- and WebGL-based version of its Pixlr online photo editing tools. A beta version of Pixlr Express is coming later this summer.


            For now, Pixlr still requires Flash.

            "If you look back two years ago, I think we definitely had a harder time, because the technology wasn’t as mature as today," says Thomas Heermann, director of digital arts for Autodesk’s consumer business, "There were limitations on HTML5, but now you don’t see any problems anymore."

            Even so, Pixlr has no plans to discontinue the Flash versions of its editing tools. That’s because a sizable chunk of its users are running older browsers in legacy operating systems that don’t support HTML5 and WebGL.

            That speaks to a larger issue, which is that many users outside of the tech bubble don’t particularly care whether they’re using Flash or not. Bjørn Rustberggaard, cofounder of online video editing tool WeVideo, says he hasn’t seen a lot of requests from users to offer a Flash-free version. Most of them just want the app to work regardless of what browser they’re using.

            "If it's a Mom making stories about her children, or if it's a student editing a history project, or it's a professional journalist using it to break the news, it really doesn't matter if the industry is getting rid of Flash, as long as it works for them," Rustberggaard says.

            Nonetheless, WeVideo has been experimenting with an HTML5 version for a few years now, and aims to offer it to users early next year. Again, the company has been waiting for certain API's and low-level audio and video support across all major browsers. "For us, it's basically a timing issue," Rustberggaard says. "When will HTML be good enough so it just works?"


            Flash usage has declined over the past year.

            Slow, Steady Slip

            In the end, websites won’t really need the motivation to get rid of Flash in the form of a hard cutoff date. As web technology allows for alternatives, market forces will ultimately demand that more websites make the switch of their own volition.

            iHeartRadio, for instance, wants its radio stations to work in any web browser, including mobile browsers that don't support Flash, which is a big reason why the company is pushing so hard now for an HTML5 player and HTTP Live Streaming. "When you consider the increase of traffic heading to mobile, an HTML5-supported player is even more important, and ultimately required," Denenberg says.

            The fact that Adobe has essentially stopped trying to do anything new and innovative with Flash is also prompting developers to move on. Looking forward, Autodesk’s Heermann expects that Pixlr’s HTML5 and WebGL versions will include new features, while supporting platforms that aren’t as Flash-friendly.

            "Flash is maintenance mode," Heermann says. "Adobe’s still fixing bugs and security problems, and it’s a reliable platform, but with HTML5 and WebGL, we have an opportunity to even go beyond what Flash is today."

            Even the ability to attract developer talent could be a liability if websites stick to Flash. That’s a major reason WeVideo is looking to switch, despite a lack of requests from users. "Developers are passionate about technology, and nobody wants to spend a lot of hours maintaining and developing something that they think is dead," Rustberggaard says. "So to motivate your tech team, you really have to show that you're ahead of the curve in terms of using technology."

            Those forces seem to be working in more than just anecdotes. Five years ago, 28.9% of websites used Flash in some way, according to Matthias Gelbmann, managing director at web technology metrics firm W3Techs. As of August, Flash usage had fallen to 10.3%.

            But larger websites have a longer way to go. Flash persists on 15.6% of the top 1,000 sites, Gelbmann says. That’s actually the opposite situation compared to a few years ago, when Flash was used on 22.2% of the largest sites, and 25.6% of sites overall.

            In other words, the larger the site, the slower it is to move away from Flash—and, perhaps, the more ashamed it is to admit it.
            Last edited by dlevere; 08-18-2015, 11:05:48 AM.
            The Hackmaster

            Comment


            • #7
              I definitely notice the "Resource hog" part of it. My computer sucks, but not so bad it should be struggling like it does with flash. I wonder what will replace it, I hope it's good. The Flash controls on sites always annoy me because I use tons of keyboard shortcuts and once you click in a Flash window you basically can't do crap with most keyboard shortcuts, you're required to use the mouse for any further stuff like scrolling down the page. Maybe there's a shortcut to get out of the Flash window, but it was a small annoying thing to me.
              July 7, 2019

              https://www.4shared.com/s/fLf6qQ66Zee
              https://www.sendspace.com/file/jvsdbd

              Comment

              Working...
              X