Version 18.104.22.168 of Flash and all prior now blocked by Mozilla for all systems.
The guys over at Mozilla have had enough of Flash and its never-ending vulnerabilities. So they decided to add Flash to the list of blocked extensions on their website. The versions affected are 22.214.171.124 and all before it. Now users have to use the click-to-play feature if they want to view any content through Flash. It goes without saying that using Flash is not encouraged though.
The problem was that version 126.96.36.199 did not address two crucial zero-day vulnerabilities that affect earlier versions of the extension, as well: CVE-2015-5122 and CVE-2015-5123.
Both of these vulnerabilities were featured in the Hacking Team leak. CVE-2015-5122 and CVE-2015-5123 are both use-after-free flaws. If exploited, attackers can cause a crash, send malicious code to your PC, and eventually take it over.
The existence of these vulnerabilities was reported on July 10, but Adobe failed release any kind of statement regarding the new findings. This prompted Mozilla to take matters into its own hands by blocking version 188.8.131.52 and all prior.
Adobe did release version 184.108.40.206 earlier today to address the issues.
Before that, whenever users went to the Firefox add-on page, they could read the following message: “All versions of Adobe’s Flash Player plugin are currently vulnerable.” It goes without saying that this was no small hit for Adobe’s reputation and that of its product.
This Is Not the First Time Flash Has Been Criticized for Its Poor Security
The late Steve Jobs released a statement in 2010 in which this very issue was addressed. Saying that Flash had “one of the worst security records in 2009.”
Now Facebook’s Chief Security Officer, Alex Stamos, addressed the issue via his Twitter account, saying that it is time to kill off Flash.
As it is obvious, more and more tech giants are getting fed up with Flash. It is possible that the time when everyone abandons it altogether is not far away.