Mozilla has analyzed the traffic on its new page that instructs Firefox users to upgrade their Adobe Flash Player plug-in and announced that around half of them were running an insecure version. It was also revealed that an estimated 30% of those users chose to hit the update link.

On September 4, a few days before the release of Firefox 3.5.3 and Firefox 3.0.14, Mozilla's Head of Security, Johnathan Nightingale, announced that users who would upgrade to the new versions would also be instructed to update Flash Player. Mozilla decided to take this step in response to attacks targeting vulnerabilities in the popular Adobe product that had lately increased in number.

The check for an outdated version of the plug-in is being performed during the first run on the "whatsnew" Web page. Users found to be running vulnerable Flash Player versions get presented with a warning message and a direct link to Adobe's website from where the latest build can be downloaded and installed.

Ken Kovash, Mozilla's analytics chief, announced yesterday that around ten million clicks on the Flash Player update link had been registered during the first week after Firefox 3.5.3 and Firefox 3.0.14 were released. The number of users that landed on the en-US "whatsnew" page peaked on September 10, the second day after the release, when the page registered six million hits.

During that day, a bit over three million users were found to be running an insecure version of Flash Player and were served with the update message. Out of these, more than one million (35%) chose to click on the update link leading to Adobe's website. The click-through rate slowly decreased during the following days, reaching 27% on September 15.

Mozilla's previous Flash Player statistics, gathered by looking at mozilla.com's main traffic, suggested that 75% of the visitors were using an outdated version of the plug-in. These new, more accurate numbers put that estimation at 50%.

"While the Firefox whatsnew page generally sees a click through rate below 5%, the flash update link alone has generated a click through [average] rate north of 30%. Phenomenal!" Ken Kovash concluded. Johnathan Nightingale described the results as being "nothing short of awesome" and announced that, "We’re working to roll other plugins into our web-based checking, and the Firefox team is also building an integrated check that will let you know whenever a site you visit is trying to use an outdated plugin."