Industry News

At last! Firefox puts another nail in Flash’s coffin

There has been another welcome step along the road to Adobe Flash’s funeral, with the release this week of a new version of the Firefox browser.

With Firefox 55 users will be forced to specifically give permission for the forlorn Flash browser plugin to run, giving surfers the ability to choose which websites they want to grant permission to play Flash content.

Why is that good news? Well, Adobe Flash has been riddled with security holes for years, and is perhaps the most commonly exploited piece of software on the planet.

Just this week Adobe has released critical security updates for Flash in order to prevent malicious attackers from exploiting a remote code execution flaw that could be used to infect victims’ computers with malware.

The fact that Adobe recently announced it would be no longer updating or distributing Flash after 2020 is unlikely to put online criminals off exploiting its security weaknesses anytime soon… which is why Firefox’s decision to allow users to choose which websites are able to run Flash code is warmly welcomed.

In addition, Firefox 55 only allows Flash to run on HTTP or HTTPS websites, blocking the execution of Flash content everywhere else (for instance, the ftp or file protocols.)

Firefox’s decision to bury Flash behind a “click-to-activate” option follows in the footsteps of the likes of Chrome, Safari and Microsoft Edge which have been switching users over to HTML5 by default since late last year.

It seems to me that the only people who love Flash these days are the criminals who keep exploiting it.

2020 can’t come fast enough for those of us who want a safer, Flash-free internet. If you can’t wait for your own corner of the internet to stamp out support for Flash, check that you have browser properly configured and uninstall any malingering copies from your computers.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

5 Comments

Click here to post a comment

  • Compare what you're saying about Flash to the Microsoft Windows OS. Only last week did Microsoft have to release patches to their latest Windows 10 OS to combat hackers. Surely then, you also look forward to Windows being phased out by 2020! Such a mercenary line on Flash is too strong IMO, since it still has its uses. HTML5 cannot render the shiny surface of my doughnut pie charts, for example, http://www.jacobsm.com/techgripe.htm#amchts

  • Warning: if you update to Firefox 55, your profile will be changed, and no longer work on lower versions. Read this,
    https://www.ghacks.net/2017/08/02/you-cannot-downgrade-firefox-55-profiles/