Skip to main content

Mozilla blocks Flash in Firefox browser as Adobe issues emergency patch for latest security exploits

It’s been a rough week for the fate of Adobe’s Flash Player plugin. Yesterday we told you about Facebook’s security chief pushing Steve Jobs’ anti-Flash message and calling on Adobe to announce an end-of-life date for the plugin, and today a major web browser has opted to actually block Flash to protect users from security issues. Mozilla said today that it is temporarily disabling Flash by default until Adobe is able to address recent exploits discovered in the plugin…

While the block doesn’t completely prevent Firefox users from using Flash, it does mean users will have to actively click-to-enable the plugin. Mozilla’s action also further highlights the growing concern over Flash’s stability as a secure browser plugin.

Mark Schmidt, Firefox’s head of support, linked to Jobs’ famous “Thoughts on Flash” essay from 2010 in a tweet address the temporary block. At the time, the Apple co-founder was addressing the company’s decision not to support the Flash Player plugin at all on iPhones, iPads, and iPods due to several concerns including security.

Although Apple has moved to block support for older versions of Flash over security issues in the past and the OS X operating system has long shipped without Flash included, Apple has not completely disabled support for Flash in Safari. Instead, Safari has aggressively alerted users of outdated versions of Flash while requiring users to use the latest version of the plugin.

Users that rely on the Adobe plugin should install Flash Player 18.0.0.209 that was released today.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. irelandjnr - 9 years ago

    What browser?

  2. Not on my Mac…

  3. That’s the way to go. Great step Mozilla! Although I use Safari without Adobe plugin installed (despite Flash is c*ap I wanted to update it, it failed, I uninstalled it, wanted to install it again, didn’t work, I said to myself: F*CK you ADOBE! and here I am feeling better than ever).

    • Ilan Szekely - 9 years ago

      For a long time I always get a failure (freeze at ca 85%)) of the automatic Flash installs.
      I found out that downloading the latest Flash install via MACUPDATE I get a version that asks for admin Password to install – and this DOES work.

      • Thank you for your helping hand but no, I’m not going to use anything like that. I’m a simple person, when it doesn’t work as it supposed to work, I’m not going to work to make it work. Do you know what I mean? Devices are to serve you, not you to serve them and that’s why I use an iPhone and a MacBook. It’s that simple.

  4. Gregory Ramsaran - 9 years ago

    “rough week”, I think it’s fair to say Adobe has had a rough couple of years in regards to Flash. I don’t know why they don’t issue an EOL target like is being pushed for. It’s obvious that Flash is a huge vulnerability and we know users don’t update as they shoutd.

  5. Graham J - 9 years ago

    It’s great that Safari requires the latest version, but in this case even that is not good enough.

    I think click-to-flash should be the default on all browsers and warnings should be displayed on click when a known vulnerability exists with the installed version.

    • PhilBoogie - 9 years ago

      Using C2F won’t help in this case, as webmasters still see that the client has Flash installed. Simply not installing it will result in webdesigners using an alternative.

  6. This is Mozilla trying to jump on a mini hype train. If they were serious about quality and security they’d permanently block Flash and be done with it. So they pay some lip service and next week everything will be back to the same garbage it was the week before.

    • Michael Paine - 9 years ago

      There are Firefox plugins to block Flash and allow the user to decide whether to run it for a web page. I have been using one since Steve’s “essay”. It is surprising how many web pages have multiple Flash scripts – creepy really

  7. And Apple need to get a little stronger in their messaging and actions too. Disabled by default, stronger warning to NOT install it. While they’re at it, default search engine set to DuckDuckGo on all versions of Safari, including ones for EOL OSes – make a patch.

    • “default search engine set to DuckDuckGo”

      Apple gets paid a heck of a lot of money by Google to default to their search engine. I can’t see why Apple would change the default. Users can change it manually if they want…

      • Charlypollo - 9 years ago

        Yeah but changing it manually is an excessive amount of work for sheeps. They prefer being spoon-feed anything that Apple decides to give to them. Like babies.

      • Or prefer living instead of worrying. Don’t you think Charly?

      • Andrew John - 9 years ago

        Hey Carly, it’s sheep, not sheets, but then nobody would expect anything intelligent from a troll.

  8. scumbolt2014 - 9 years ago

    Flash = ash

    Charllypolo = stupid douchbag

  9. gamesthatiplay - 9 years ago

    Flash has always had security loopholes. They do their best to patch them out, but I think the real issue is poor optimization. You can really waste a lot of RAM and bandwidth with some crappy Flash and a person that doesn’t know what they’re doing or is deliberately trying to break things.

    • Andrew John - 9 years ago

      They’re called security holes, not “loopholes”, and Adobe don’t do their best to “patch them out”. They wait for security companies to find the exploits and report them. I seriously think you don’t know what you’re talking about. Flash has always been a CPU hog, not a “waste of RAM” or bandwidth. Flash requires hardware acceleration to process its content not software acceleration, as HTML5 does. The only thing broke seems to be your brain.

      • gamesthatiplay - 9 years ago

        The Flash player has had an update once a week or so for years. At the most 6 weeks. The last one was yesterday. Although I doubt you’ll listen, you can always have hidden videos with no sound in a .swf file to waste bandwidth. When one video ends, start load another. Why just videos when .gifs waste far more bandwidth. Flash can use a lot of RAM like any other program. Its all about what it was programmed to do beyond the common CPU problems you describe.

    • Andrew John - 9 years ago

      You need to stop talking, your making yourself look stupid. It’s quite clear you don’t know a thing of what you’re talking about. Is english your second language, because nothing you write makes sense.

      • gamesthatiplay - 9 years ago

        You’re right. ActionScript is my first language. I hope you understood that.

  10. finngodo - 9 years ago

    I’ve had flash uninstalled for years. Video would be the only incentive to keep it, but just about every video platform out there supports hrml5 video. The only thing flash did for me is deliver annoying ads. Those ads disappeared when in removed it. Security issue or not, there’s no reason for it anymore.

    • PhilBoogie - 9 years ago

      Whenever I come across a Flash site that I actually want to see I grab my iPad. Oh, the irony.

    • Andrew John - 9 years ago

      You know if you enable developer mode in Safari, you can emulate the iPad Safari browser from the Mac, and trick the webpage into thinking you’re using an iPad.

  11. cleancutheadge - 9 years ago

    Flash was great before adobe put his dirty hands on it.

  12. I uninstalled Flash, Java & Silverlight last year. Every once in a while I hit a site that requires flash, but nothing important enough to cause me to reinstall. I’m done with all these unsafe plug-ins.

  13. standardpull - 9 years ago

    Google is THE major reason why Flash survives.

    Google knew Steve Jobs was right about the serious issues with Flash. But Google just wanted to promote a technology that Apple would not pursue for it’s customer’s sake.

    And so Google vocally promoted Flash as an important Android capability, and Google then baked Flash into Chrome to further promote it. All in hopes of chipping away at iOS.

    I can only image the Google executive conference room: To hell with customer security. To hell with customer safety. Let’s try to use Flash so that Apple customers will rebel.

    This was a shameful move by Google. Evil. Criminal.

  14. Was using Firefox for almost 8 years until they started with the FireChromification. Switched to Palemoon 3 months ago and haven’t looked back.

Author

Avatar for Zac Hall Zac Hall

Zac covers Apple news, hosts the 9to5Mac Happy Hour podcast, and created SpaceExplored.com.