Mozilla is blocking Adobe Flash from being run in the Firefox browser following a series of serious security flaws in the software. As of the most recent update all versions of Flash identified with a vulnerability have been blocked by default in order to keep the browser secure, Firefox support head Mark Schmidt advised on Twitter, though he also clarified the block is not permanent, and will be lifted in the event Adobe releases a new, more secure version.
If Adobe does create a version that isn’t “being actively exploited by publicly known vulnerabilities,” according to Schmidt, the plugin will be reactivated for use. Despite the block, The Verge notes users are able to turn Flash back on within Firefox’s settings, though they put themselves at risk.
The flaws identified in Flash only recently came to light after 400GB of data from Hacking Team, a group of commercial security attackers that sold exploits to government agencies, was publicly leaked. The data release comes after another critical flaw was patched in June, one actively being used by a Chinese group to steal intellectual property from foreign entities.
Ars Technica reports Adobe has brought out yet another Flash patch this morning to close two new vulnerabilities caused by the Hacking Team leak, bringing Flash to version 18.0.0.209.
While Apple routinely disables older versions of Flash to prevent exploits, users of pre-OS X 10.6 Macs are advised to disable Flash functionality entirely. Online services are also slowly dropping support for Flash and switching to other technologies, such as YouTube’s change to using HTML5 by default in January.
