Mozilla blocks Flash

Mozilla blocks Flash as Facebook security chief calls for its death article says that after yesterday’s news that Facebook’s new chief security officer wants to set a date to kill Flash once and for all, the latest version Mozilla’s Firefox browser now blocks Adobe’s vulnerability-riddled software as standard.

 

3 Comments

  1. Tomi Engdahl says:

    Kill Flash now? Chrome may be about to do just that
    Google browser preparing to close the internet’s screen door
    http://www.theregister.co.uk/2016/05/13/kill_flash_now_chrome_may_be_about_to_do_just_that/

    Google’s Chrome web browser could be disabling all Flash content by default before the year’s out.

    El Reg has learned that developers with the Chromium Project are working on a new feature known as ‘HTML5 by Default’.

    The move could help to keep users safe by locking off a favorite target for web-based malware exploits.

    As its name suggests, the feature would set Chrome to run the HTML5 version of web pages by default. If not available, the browser would then check for Flash content and ask the user to manually approve it before loading.

    This would, in effect, seal off Flash content from the user unless absolutely necessary, though Chromium developers do note that they plan to exempt the top 10 domains that use Flash for one year in order to reduce impact of the blockade

    Reply
  2. Tomi Engdahl says:

    Emil Protalinski / VentureBeat:
    Google plans to make Flash plugin click-to-play by default in Chrome in Q4’16, rendering HTML5 instead when available, except for 10 top sites relying on Flash

    Google targets HTML5 default for Chrome instead of Flash in Q4 2016
    http://venturebeat.com/2016/05/15/google-targets-html5-default-for-chrome-instead-of-flash-in-q4-2016/

    Google has outlined a plan to push HTML5 by default in Chrome, instead of Flash. In Q4 2016, the company plans to only serve Flash by default for the top 10 domains that still depend on the plugin. Chrome will display the HTML5 experience if it’s available, but if Flash is required, the user will be asked whether Flash can be allowed to run or not.

    Flash has been on its way out for years. Not only is the tool a security nightmare, with new vulnerabilities popping up regularly, the market has been slowly but surely moving away from plugins in favor of HTML5. Chrome and Flash, in particular, have had a complicated relationship.

    While Flash is included in Google’s browser by default, it has been slowly but surely de-emphasized. In September 2015, Chrome 45 began automatically pausing less-important Flash content (ads, animations, and anything that isn’t “central to the webpage”). Now, Google wants to focus on the central content, such as games and videos.

    Flash Player will come bundled with Chrome, however, its presence will not be advertised by default, namely in Navigator.Plugins() and Navigator.MimeTypes().

    If the user allows Flash Player to run, Chrome will store that preference and refresh the page with Flash enabled. For sites that direct users to download Flash, Chrome will intercept the request and instead present the “Allow Flash Player …” infobar, directing users back to the prompt.

    Intent to implement: HTML5 by Default
    https://groups.google.com/a/chromium.org/forum/?_escaped_fragment_=searchin/chromium-dev/HTML5$20by$20default/chromium-dev/0wWoRRhTA_E/__E3jf40OAAJ

    Reply
  3. Tomi Engdahl says:

    Catalin Cimpanu / BleepingComputer.com:
    Percentage of Chrome users who’ve loaded at least one page containing Flash content per day has dropped from 80% in 2014 to under 8% today, according to Google

    Google Chrome: Flash Usage Declines from 80% in 2014 to Under 8% Today
    https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/

    The percentage of daily Chrome users who’ve loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018.

    Adobe to stop supporting Flash by the end of 2020

    Flash’s demise was to be expected, though. Adobe announced last year plans to stop supporting the Adobe Flash Media Player by the end of 2020.

    But while Chrome, Firefox, Edge, and all major browsers have already moved from a Flash-enabled-by-default to a Flash-click-to-play policy since last year, the massive drop in Flash usage numbers is a huge surprise for most industry experts.

    This big drop could, at least in theory, be explained by the fact that most advertising networks and video streaming portals have moved away from Flash to HTML5, meaning most people can go days before encountering a website that still loads some kind of Flash object.

    On the other hand, Flash’s market share —the number of computers with Flash installed— is most likely still pretty high.

    Flash to be removed completely in Chrome 87

    For Chrome, this means Chrome 87, expected to be released in December 2020, which is the industry-agreed cutoff date when Adobe will stop shipping updates and when other browsers also agreed to remove Flash from their stable branches as well.

    However, cutting down Flash usage is not Chrome’s only major win these past years. Just earlier this month, Google announced that more than 68% of Chrome traffic on both Android and Windows and over 78% of Chrome traffic on both Chrome OS and Mac, is now being sent via HTTPS. Because of this, the company plans to show a “Not Secure” label for all HTTP sites starting Chrome 68, to be released in July this year.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*