Just a day after Facebook’s Chief Security Officer Alex Stamos called for an immediate end to Adobe Flash, Mozilla has announced that all versions of Flash will be blocked by default on the open source Firefox browser.
The announcement came via a Twitter post from Mozilla’s head of Firefox support, Mark Schmidt, in the light of the recent hacking attack on Hacking Team, a company which sells spy tools. The attack exposed the loop holes and three large security vulnerabilities in Flash. Following up in a later announcement, Schmidt said that Flash would be enabled on Firefox one the “publicly known vulnerabilities” are resolved to satisfaction. Mozilla is currently experimenting with Shumway, a HTML5 rendering tool for playing Flash files. On the other hand, users who choose to ignore the security problems can enable Flash from their settings menu.
While Adobe has already acknowledged the problem and has promised a patch as early as next week, currently anyone trying to open Flash will see a message that says Flash Player plugin 220.127.116.11 (click-to-play) is “blocked for your protection,” with the added message, “When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use.”
After the recent exposures of malware in Flash, most of the big browsers have withdrawn Flash support, choosing instead to replace it with HTML5. YouTube is one of those who chose HTML5 as its default player while Google’s Chrome pauses any Flash video trying to run on its pages. Apple is already known for its hard-line policy for not supporting Flash at all on iPads and iPhones. It was Steve Jobs back in 2010 who had posted 6 reasons against Flash in a message called “Thoughts of Flash.” But the nail in the coffin so to speak is that Adobe itself stopped any development for Flash Player for mobiles because it just doesn’t match up to HTML5.