Firefox blocks Flash, and Facebook calls for its death
By David Goldman @DavidGoldmanCNN
adobe flash logo
Adobe Flash, the much-loathed, bug-plagued relic of a browser plugin, just got a big nail driven into its coffin.
Mozilla blocked Flash by default in its Firefox browser late Monday night, a day after Facebook’s (FB, Tech30) security chief called for Adobe to kill Flash once and for all.
The Flash-bashing picked up last week after revelations that the spyware giant known as the Hacking Team had been using Flash to remotely take over people’s computers and infect them with malware. (That discovery took place after the Hacking Team was itself hacked. Documents revealed in the breach showed that the Hacking Team exploited two critical vulnerabilities in Flash’s code.)
“It is time for Adobe to announce the end-of-life date for Flash,” tweeted Facebook security chief Alex Stamos on Sunday.
Mozilla’s support chief Mark Schmidt quickly followed suit by tweeting that all versions of Flash had been turned off in Firefox. That means Firefox users will not be able to turn on the plug-in to access Flash content — they’ll have to seek out another browser if they need to use Flash.
Adobe (ADBE) did not immediately respond to a request for comment.
The good news for Firefox users is that most won’t notice a change. Just under 11% of websites use Flash, according to W3Techs, a technology survey company.
Flash is a type of software called “middleware,” an add-on extension to the browser that allows rich content to be viewed. It had been widely used a decade ago, powering most of the Web’s games, animations and videos. When YouTube launched in 2005, its videos were entirely Flash-based, requiring its audience to install the Flash plug-in software in order to watch YouTube media.
But the tide began to turn in 2010, when Steve Jobs wrote an open letter rant about Adobe’s security, blaming the company’s Flash player for being “the number one reason Macs crash” and citing Flash for having “one of the worst security records in 2009.”
Jobs was right — Flash does have a miserable security record, and continued to be bug-ridden long after publishing his open letter. It habitually tops Symantec’s annual list of vulnerable plug-in programs.
The iPhone never supported Flash. Though Android smartphones originally supported Flash — and used that fact as a selling point — Adobe killed Flash support for all smartphones in 2011. YouTube has been experimenting with playing videos natively in the browser several years ago and officially parted ways with Flash in January 2015.
Despite the clear momentum against Flash, Mozilla said there’s a chance that Flash will be re-enabled on Firefox some day.
“To be clear, Flash is only blocked until Adobe releases a version which isn’t being actively exploited by publicly known vulnerabilities,” Schmidt added.
So it’s not the final nail, but we’re getting closer to Flash’s death.
Related: This company sells spy tools to evil governments
Related: 1.1 million fingerprints exposed in hack
CNNMoney (New York) July 14, 2015: 11:19 AM ET