As the fallout of the Hacking Team breach (see post) continues, the Mozilla Foundation is taking the bull by the horns. Right now there are at least two Flash zero day vulnerabilities that Adobe has not patched. As people continue to go through the Hacking Team data dump, we may find more.
As a result, The Mozilla Foundation has opted to block all versions of Flash, in all versions of Firefox, on all platforms.
If you go to a web site that uses Flash, including ads, this is what you will see:
Not only does this impact sites – like CNN – that use flash for content, but also the huge number of ads that are Flash based.
Users can click on the link in the middle of the page to allow the content, but I would expect that few users will do that.
To add to Adobe’s woes, Facebook called for Adobe to End-of-Life Flash.
From a user standpoint, users should expect web sites to load faster as all the Flash content no longer has to be downloaded.
If the zero days continue to appear, Adobe will be between a rock and a hard place. Flash has tried to be all things to all people – doing insane things under the covers – which has turned it into a security nightmare.
Personally, I was planning on disabling Flash until all this settles down. The Mozilla Foundation did it for me.