2 min read

At last! Firefox puts another nail in Flash's coffin


August 10, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
At last! Firefox puts another nail in Flash's coffin

There has been another welcome step along the road to Adobe Flash’s funeral, with the release this week of a new version of the Firefox browser.

With Firefox 55 users will be forced to specifically give permission for the forlorn Flash browser plugin to run, giving surfers the ability to choose which websites they want to grant permission to play Flash content.

Why is that good news? Well, Adobe Flash has been riddled with security holes for years, and is perhaps the most commonly exploited piece of software on the planet.

Just this week Adobe has released critical security updates for Flash in order to prevent malicious attackers from exploiting a remote code execution flaw that could be used to infect victims’ computers with malware.

The fact that Adobe recently announced it would be no longer updating or distributing Flash after 2020 is unlikely to put online criminals off exploiting its security weaknesses anytime soon… which is why Firefox’s decision to allow users to choose which websites are able to run Flash code is warmly welcomed.

In addition, Firefox 55 only allows Flash to run on HTTP or HTTPS websites, blocking the execution of Flash content everywhere else (for instance, the ftp or file protocols.)

Firefox’s decision to bury Flash behind a “click-to-activate” option follows in the footsteps of the likes of Chrome, Safari and Microsoft Edge which have been switching users over to HTML5 by default since late last year.

It seems to me that the only people who love Flash these days are the criminals who keep exploiting it.

2020 can’t come fast enough for those of us who want a safer, Flash-free internet. If you can’t wait for your own corner of the internet to stamp out support for Flash, check that you have browser properly configured and uninstall any malingering copies from your computers.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like