Wiebke Lips, Senior Manager of Corporate Communications at Adobe, explained to that Firefox today runs Flash Player and several other plugins in a separate process called plugin-container.exe. The new Flash Player sandbox for Firefox is currently in a public beta and it aims to go beyond the process protections that Mozilla already affords to plugins. After first appearing in Google’s Chrome browser, the Flash sandbox is now on its way to Mozilla’s Firefox. While Adobe rapidly moves to fix urgent flaws as they emerge, they have also been moving towards a sandboxing approach that mitigates the risk of any potential flaws in Flash. It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.Adobe’s Flash Player plugin is among the most attacked pieces of software on the Internet today.
How many more zero-day vulnerabilities can Adobe withstand?īIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. As HTML5 and other open Web technologies continue to mature, there's less and less reason to use Flash.
Antipathy for Flash has reached the point where even some of the largest Web service providers wouldn't be too fazed if it faded ignominiously into the shadows. Make sure you deselect the McAfee checkbox.Īdobe needs to be careful. If you're a Firefox user and Flash is still blocked, you'll need to manually update to 18.0.0.209 or newer from the Adobe website. With hundreds of millions of Firefox users vulnerable, Mozilla boldly decided to blacklist the current version of Flash. One of the zero-days was patched quite quickly, but two further zero-days that were publicised on July 10 went unfixed for three days. Meanwhile, over at Facebook, the company's new chief security officer called for Adobe to "announce an end-of-life date for Flash," so that we can finally "disentangle the dependencies and upgrade the whole ecosystem."Īnd if two Web giants weren't enough, Google recently announced that the next stable version of Chrome would "intelligently" block auto-playing Flash elements.Īdobe has been scrambling to fix a number of Flash vulnerabilities since they were first exposed by the massive leak of Hacking Team internal documents last week. Yesterday, because of two unpatched Hacking Team zero-day vulnerabilities, Mozilla blacklisted Adobe Flash Player 18.0.0.203, meaning Flash was disabled by default in Firefox. This morning, just a few moments ago, Adobe rushed out version 18.0.0.209, plugging the two vulnerabilities. There's some drama going down in the Flash camp.
0 kommentar(er)
