Mozilla Blocks Flash, Encourages HTML5 Adoption
Following Adobe's advice that two critical vulnerabilities would potentially allow attackers to take control of affected systems, Mark Schmidt, Firefox's head of support, announced the move on Twitter.
Schmidt Tweeted: "BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now." His message was shared more than 2,750 times.
On Hacker News, in the discussion Firefox makes click-to-activate Flash the default Schmidt explained that it was more accurate to call it "enforced click-to-activate" -- and that Firefox users could still opt-in to using Flash, saying user choice was the number one priority at Mozilla.
Schmidt said: "We regularly block vulnerable plugins. What made this block different was that we did it before Adobe made an update available. Now that Adobe has released an update, it is no longer true that every version of Flash Player is blocked in Firefox. However, we're glad to see the conversation this has sparked."
In the official statement Resolution for Recent Flash Player Vulnerabilities Adobe's corporate communications said:
A few days ago we were notified of two vulnerabilities within the Flash Player. Upon investigation, we confirmed and fixed the issues, and took steps to ensure that this class of attack cannot be used as a future attack vector.
Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, is a target of malicious hackers. We are actively working to improve Flash Player security, and as we did in this case, will work to quickly address issues when they are discovered.
Mozilla aren't the only company critical of Flash this week. In a separate incident, Alex Stamos -- Facebook's new chief security officer -- tweeted it was time "for Adobe to announce the end-of-life date for Flash."
Others in the community were less sure about blocking Flash.
Technology should be replaced by better technology. I've written games for all kinds of platforms: Some of those platforms offer write once, run everywhere. On other platforms every device has it's own quirks and you have to test on every device and implement workarounds.
You might not like Flash, but it is great at running on every platform/browser with the same code base. If you test it on one platform, it runs on all others. (Adobe is also very good at keeping it backwards compatible)
Now, I ask you, what's the alternative for Flash? Does HTML5 offer write once, runs the same on every platform/browser(version!)? No it doesn't, and it never will.
The latest update of Flash is now enabled by default in Firefox.