Mozilla blocks all Flash versions prior to 18.0.0.203

Jul 14, 2015 07:16 GMT

Yesterday, Firefox developers added the Flash Player Plugin 18.0.0.203 and prior versions to the list of blocked extensions on Mozilla's website. This means all Flash content will be disabled on a website and users will have to "click-to-play" it.

Today, just a few minutes ago, Adobe released a new version of Flash, 18.0.0.209, aimed at fixing the reported security issues, and at getting the Flash extension off the blacklist.

Updating to this new version is recommended since Flash 18.0.0.209 fixes two crucial zero-day vulnerabilities: CVE-2015-5122 and CVE-2015-5123.

Two more Hacking Team zero-day vulnerabilities are at fault

The first, CVE-2015-5122, is an issue from the Hacking Team leak that details "constructs for exploiting the Use-After-Free vulnerability in DisplayObject.opaqueBackground."

The second, CVE-2015-5123, also comes from the Hacking Team leak, was discovered by the Trend Micro team, and "is also of valueOf trick bug," but "involves the BitmapData object."

According to Adobe, both these vulnerabilities "could cause a crash and potentially allow an attacker to take control of the affected system."

CVE-2015-5122 and CVE-2015-5123 affected Flash versions 18.0.0.203 and earlier on all operating systems, which, when they were reported, meant all Flash versions.

It is time for Adobe to announce the end-of-life date for Flash (Alex Stamos, Facebook CSO)

Since the vulnerabilities were reported on July 10 and were not addressed by Adobe for a few days, Mozilla went on to pull the rug from under Flash's feet and blocked the extension by default for all users.

"All versions of Adobe’s Flash Player plugin are currently vulnerable" was the message blasted across the Firefox add-on screen, and Adobe took another hit to its reputation, which is beginning to be a normal thing these days.

It was only yesterday that Alex Stamos, Facebook chief security officer, was calling on Adobe to put out a plan to discontinue and kill off Flash, and now Mozilla didn't seem to have any kind of problem with blacklisting one of its most popular extensions.

The time when we're all going to get tired of constantly updating Flash is getting nearer and nearer, and maybe Mr. Stamos and the late Steve Jobs have a point. The time has come for HTML5.  
