Eheka Pytyvõha

Emboyke pytyvõha apovai. Ndorojeruremo’ãi ehenói térã eñe’ẽmondóvo pumbyrýpe ha emoherakuãvo marandu nemba’etéva. Emombe’u tembiapo imarãkuaáva ko “Marandu iñañáva” rupive.

Kuaave

When will Firefox stop asking about upgrade my Adobe Flash?

  • 9 Mbohovái
  • 10 oguereko ko apañuãi
  • 6 Hecha
  • Mbohovái ipaháva James

more options

Simple as that, Firefox keep asking me to upgrade Adobe Flash because actual version is "Vulnerable" but even after upgrading, after a week or so, that new version is also vulnerable, and it never ends, it's happening over a year already, all the Adobe Flash versions from so on have been vulnerable.

Shouldn't Firefox assume the reality that Adobe will never create a Flash that isn't vulnerable and that users will have to deal with it?

Give as an option to stop this warnings, or if it's there, where?

Simple as that, Firefox keep asking me to upgrade Adobe Flash because actual version is "Vulnerable" but even after upgrading, after a week or so, that new version is also vulnerable, and it never ends, it's happening over a year already, all the Adobe Flash versions from so on have been vulnerable. Shouldn't Firefox assume the reality that Adobe will never create a Flash that isn't vulnerable and that users will have to deal with it? Give as an option to stop this warnings, or if it's there, where?

Moambuepyre A2020 rupive

Opaite Mbohovái (9)

more options

hi, sometimes the adobe updater doesn't properly clean up old versions of the flash player on the system & those vulnerable versions continue to get loaded by browsers. in firefox please enter about:plugins into the address bar and check if there is more than one version of the shockwave flash plugin listed there. if so you could attempt to delete the older one manually from the system (the about:plugins page should tell you the exact location of the plugin on your filesystem) or try using the uninstaller provided by adobe at https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

more options

Yes, there is only one there.

Shockwave Flash

   Archivo: NPSWF32_19_0_0_245.dll
   Ruta: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
   Versión: 19.0.0.245
   Estado: Habilitado (STATE_VULNERABLE_UPDATE_AVAILABLE)
   Shockwave Flash 19.0 r0
more options

ok, but this version is vulnerable for real & you wouldn't want to let any site you visit or any third-party code they'd contain to exploit a vulnerability on your system by default: https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

so please update to the current version: http://www.adobe.com/go/getflashplayer

Moambuepyre philipp rupive

more options

Yes, but that's exactly what I mean, Version 16 was vulnerable, so Firefox asked me to upgrade to version 17, then 17 was vulnerable, they told me to upgrade to 18, so was 18 and so is now 19, if I upgrade to version 20, it will be not longer than 1 or 2 month till firefox will ask me to upgrade to version 21.

It's never ending, shouldn't Firefox let us disable this check it makes and let us use any version as they are all vulnerable.

Firefox can't guarantee that version 20 is safe, as we will know in few months they will ask us to upgrade again because it's vulnerable once again.

Just let us disable that checking and use any version we want.

Moambuepyre A2020 rupive

more options

flash versions will be blocklisted in firefox only once it is known that they get exploited in the wild. continuing to use vulnerable versions in this situation is a very bad idea, since they will be targeted by exploit kits and there is a high & real risk involved. just one real world example: https://blog.malwarebytes.org/malvertising-2/2015/04/booby-trapped-hugo-boss-advert-spreads-cryptowall-ransomware/

more options

https://addons.mozilla.org/en-US/firefox/blocked/

Until today Mozilla did not add Flash Player versions to blocklist since blocking 19.0.0.225 and older on Oct 21 even though 19.0.0.226 came out on Oct 16. This meant people could still use the last two previous updates (without the click to play soft blocking) even though they were vulnerable but not critical enough to warrant adding to blocklist till now.

Dec 8: Flash Player 20.0.0.235 Nov 10: Flash Player 19.0.0.245 Oct 16: Flash Player 19.0.0.226

The recent blocklist update was to block the previous updates that came out on Nov 10. https://addons.mozilla.org/firefox/blocked/ December 21, 2015: Flash Player Plugin 19.0.0.226 to 19.0.0.245 (click-to-play) (Windows/Mac version)

The above is about the Win/Mac version and not the ESR or Linux versions.

Moambuepyre James rupive

more options

Well just by taking a look at that list, you can clearly see what I'm talking about. Firefox have been blocking Flash Player since forever.

The problem is that Firefox can't complete remove Flash support from his browser, and decides to go with the flow, even when Adobe has proven to be incapable of releasing a version not vulnerable. And we not talking about minor bugfixes here, but as philipp mentioned "they will be targeted by exploit kits and there is a high & real risk involved."

So why Firefox still support a company that adds this kind of vulnerabilities to it's browser?

I guess it's simple, Firefox would disappear without Flash support and the best they can do is block the extension and ask users to upgrade to a newer version about 6 times or more in one year.

more options

Mozilla has been working on a "replacement" for Adobe Flash, so users can play SWF files using HTML5 technology. But it is nothing more than an experiment at this time. http://mozilla.github.io/shumway/

In the long run the goal is get rid of Plugins entirely. A goal of not only Mozilla, but by other web browser companies, too. But until that happens, Mozilla is doing the best that they can do, while keeping Firefox users as safe as it can by keeping users informed about vulnerabilities in Flash (and other Plugins) and recommending updates as they become available.

What's simple is to disable Flash or uninstall it completely and see if you can use the internet without having Flash. IMO, user expectations "demand" that Flash be available for Firefox. I have gone days without needing Flash, but couldn't do it forever. I just keep a separate installation and Profile around that has Flash, and use that desktop shortcut so I can use Flash. But that's just how I deal with it; not a recommendation of other users.

more options

A2020 said

Firefox have been blocking Flash Player since forever.

Not all of the time. Also Firefox the browser does not do the soft blocking.

Mozilla puts versions of Plugins (and even Extensions) on the blocklist when they are of severe Security and also stability and malware concerns enough to warrant dong so.

However Mozilla has not been soft blocking Flash Player All the time as Flash Player versions were not added to blocklist in period between Feb 2013 and updates in Dec 2014 because the vulnerabilities issues in Flash then were not severe enough to warrant doing so at the time. When Flash Player versions got added to list again for soft blocking in Dec 2014, it became apparent that many were still using some random old version of Flash (even as old as Feb 2013 since last blocklist update then) as they came here in December 2014 asking why their rather old versions was blocked by being made click to play.

look further down https://addons.mozilla.org/firefox/blocked/