# Flash blocked by Firefox,now in the crosshair of big players

## el muchacho

Yesterday, Firefox took quite a bold move by blocking by default the Adobe Flash plugin after a few holes were made public.

A few big players tweeted that they were fed up with Flash:

 *Quote:*   

> It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
> 
> [Facebook CSO]

 

I use the official adobe-flash-player package, but I started trying HTML5 for Youtube but it's s a shame we can't get resolutions higher than 360...

It also looks like Adobe is the new Microsoft in terms of IT security now. I recently learnt that Adobe Acrobat Reader has more lines of code than Linux Kernel.

----------

## Roman_Gruber

flash had security issues since i can remember.

qlist -Iv Flash

nothing  :Smile: 

I think google-chrome ships its own implementation for it..

https://developer.chrome.com/multidevice/faq

 *Quote:*   

> What version of Flash is supported on Chrome for Android?
> 
>     Chrome for Android will not be supporting Flash. As you may have seen in November, 2011, Adobe announced it has stopped investing in Flash for mobile browsing. Google has long been committed to making the web platform more powerful through open web technologies like HTML5 and is working with Adobe and other partners to further advance the web standard.

 

I wait for the time when adobe flash dies. Binary which had security holes for ages. 

A month google chrome on android could render videos another months not. now it works again. sigh.

its time for html5 anyway

----------

## Naib

 *tw04l124 wrote:*   

> flash had security issues since i can remember.
> 
> qlist -Iv Flash
> 
> nothing 
> ...

 

Google does not ship its own implementation, they ship a pepper interface version of flash provided by Adobe

----------

## The_Great_Sephiroth

They need to kill it. I am sick of Flash updates all the time! Do you know how annoying it is to manage five or six domains, all of which have Flash deployed via GPO? It is torture! I feel the same way about retarded "rapid release cycle" projects. This includes Firefox, Thunderbird, and Chrome. How many versions of FF have been pushed just to increment the version number with no fixes so they can claim to be on par with Chrome? After all, a higher number means better to an idiot!

Ranting aside, Flash is also slow and bloated now. It is used for things it was never envisioned to be used for and it keeps various users from seeing your content (Android? iOS?). I wish they'd just get rid of it and let innovation for a replacement thrive.

----------

## davidm

All that needs to happen to kill it is that sites quit using it.  I'm not sure that trying to kill it at the browser level is the way to go.  I think this sets a bad precedent. 

The trouble with killing flash is it is still used by many sites and not just for things like ads.

----------

## genterminl

What I don't get is that I have flash 11.2.202.481 installed, and Firefox claims it's blocking all versions <=11.2.202.424, but it is still blocking flash for me.  While I agree I'd rather get rid of it totally, I'm not there yet, and this block is just annoying.  Is there some version numbering bug in either flash or firefox (firefox-bin 38.1.0)?  Is there any point in going to 39.0?

----------

## sebB

 *el muchacho wrote:*   

>  I use the official adobe-flash-player package, but I started trying HTML5 for Youtube but it's s a shame we can't get resolutions higher than 360... 

 

Enable the gstreamer USE in firefox. You'll have 720p in youtube.

----------

## Aiken

I have been removing adobe flash from my computers. It is useless to me at the moment and had been getting worse as time went on. Do not have a tv and if there is anything I do want to watch the 2 local tv stations put their shows on the net for a week or 2 so I can still watch what I want but when I want instead of when it is broadcast. Both of those tv stations rely on flash. One of them broke compatability with flash 11.2 awhile back which has already meant a partial move to chrome from firefox. Adobe flash being disabled means more chrome time with the other tv station. Using html5 with youtube. Leaving me with no reason to have the 11.2 flash installed anymore. The 2 tv stations are the only reason I have anything capable of using flash and if I used my tablet for them I would have no need for any install of flash.

The recent cut down of ads and auto playing videos has been a bonus from this change. When on a congested adsl link or using 3g where quota is a concern autoplaying videos are very much unwanted.

----------

## depontius

I certainly sympathize with the desire to get that bug-ridden PoS off of every computer.  But my wife was upstairs earlier today struggling with the Macy's web site, and just now with the United web site.

Flash is very deeply ingrained.  That doesn't mean we shouldn't get rid of it.  I guess my part will be complaining to the webmasters for Macy's and United, probably not tonight, hopefully Friday.

----------

## Roman_Gruber

 *Aiken wrote:*   

>  ... 

 

adblocker helps a bit in this regard. 

in the past I always checked the domain and added it by hand and so over the time the ads vanished magically.

```
head -100 /etc/hosts

# /etc/hosts: Local Host Database

#

# This file describes a number of aliases-to-address mappings for the for 

# local hosts that share this file.

#

# In the presence of the domain name service or NIS, this file may not be 

# consulted at all; see /etc/host.conf for the resolution order.

#

# IPv4 and IPv6 localhost aliases

127.0.0.1   localhost

#127.0.0.1       http://www.facebook.com https://www.facebook.com www.facebook.com facebook.com

127.0.0.1       *.microsoft.com

... and much much more

```

chrome has a plugin called flashcontrol. i have to click on a flash box so it starts playing. it is less disturbing as i have to start myself flash playback. youtube and my webradio services are whitelisted anything else i hardly need.

 the javascript switcher is hardly in use because else no page really works  :Sad:  Honestly I have not bothered yet how to tweak it to usability

----------

## figueroa

How does my old version of Firefox (up to date, firefox-bin from May 25) know it is supposed to block Adobe Flash? This sounds like extremely intrusive behavior on the part of Firefox.

----------

## el muchacho

 *figueroa wrote:*   

> How does my old version of Firefox (up to date, firefox-bin from May 25) know it is supposed to block Adobe Flash? This sounds like extremely intrusive behavior on the part of Firefox.

 

Indeed, it would be good to know exactly what liberties Firefox take when communicating with its Headquarters !

----------

## ppurka

 *el muchacho wrote:*   

> I use the official adobe-flash-player package, but I started trying HTML5 for Youtube but it's s a shame we can't get resolutions higher than 360...

 Youtube html5 works very well and supports all resolutions for quite a while now. With Chrome it is very smooth and it's  almost not possible to tell the difference from flash. With firefox, it is a bit laggy when going fullscreen or vice verse, otherwise it is also indistinguishable from flash.

----------

## Apheus

 *el muchacho wrote:*   

>  *figueroa wrote:*   How does my old version of Firefox (up to date, firefox-bin from May 25) know it is supposed to block Adobe Flash? This sounds like extremely intrusive behavior on the part of Firefox. 
> 
> Indeed, it would be good to know exactly what liberties Firefox take when communicating with its Headquarters !

 

I think mozilla do it via their blocklist. Which can be disabled by setting "extensions.blocklist.enabled" to false in "about:config".

----------

## Aiken

 *tw04l124 wrote:*   

> 
> 
> adblocker helps a bit in this regard. 
> 
> 

 

With 3 desktops + 4 laptops I use the url rewrite functionality of squid. This prompted me to check the commit log. Using a redirector with squid that I started writing just over 15 years ago. Wanted filtering in a central place and ads are not the only thing blocked. No more flash in firefox has made this a bit easier. Where having a redirector on squid falls down is sites moving to https and with squid not seeing the urls it can not filter them. Was very obvious with a site I used to frequent that recently moved from http to https. I had forgotten how annoying the number of ads and the number of flashing ads were in that site. Flashing or animated ads go bye bye. I don't block everything but there comes a point where the ads detract too much and it is either give up on the site or block the ads.

A couple of days on and no complaints yet about the lack of flash on the computers. People were already used to using chrome for the 1 tv station instead of firefox so nothing new there.

----------

## Cyker

Unfortunately vast amounts of education stuff uses Flash with no alternative so if it did get killed off we'd just be stuck with old versions that are even more vulnerable but still forced to use.

HTML5 is just as big a PITA as Flash IMHO; Support is patchy at best and, in effect, HTML5 just replaces Flash with Chrome if you actually want it to work.

As for the PITA of keeping it up to date, this applies to everything on-line so I don't see why Flash gets singled out; Chrome, Firefox, Java - All have repeated frequent updates. Heck, doesn't Gentoo fall into this category too?

This frequent cat and mouse cycle of vulnerability/fix is just the sad reality of the modern networked world.

----------

## Roman_Gruber

I think HTML5 is open source, right?

and we all know what a crap closed source things are like Flash / ati drivers / nvidia -drivers... security holes, support dropped when the company does not want to support things anymore.

Thats the reason i use something else as that noobisness 7/8 and yay free upgrade to noobishness 10 for free, but eh only for a year valid,  :Razz: 

----------

## Hu

HTML5 is just a specification of browser technologies.  Browsers can do a good job or a bad job of implementing it securely.  Browser vendors still have a habit of dropping support for old versions of their browsers, but you have a choice of which browser to use for your HTML5 renderer and you have the option to upgrade to a newer version of the browser.  However, much like the closed video drivers, some browser vendors have a habit of removing features prematurely or making other unwanted changes (e.g. Firefox Australis, Firefox social media integration), so sometimes telling the user "just upgrade to the latest version" is not met with enthusiasm.

----------

## greyspoke

I have had some flash version number confusion.  Recently updated flash to v. 11.2.202.491, Firefox recognises it so doesn't keep bugging me about it, Seamonkey still thinks I am using 11.2.202.481, so some sites won't play at all.

Thanks Apheus - I have disabled the blocklist and it now works.

----------

## Apheus

 *greyspoke wrote:*   

>  Seamonkey still thinks I am using 11.2.202.481, so some sites won't play at all.

 

Better check the exact plugin library path with seamonkey in about:plugins, and compare to firefox. Should be 

 *Quote:*   

> /usr/lib64/nsbrowser/plugins/libflashplayer.so

 

Not that there is an obsolete and insecure version laying around which seamonkey picks up.

----------

## greyspoke

Thanks Apheus, both Seamonkey and Firefox list the same file (/usr/lib64/nsbrowser/plugins/libflashplayer.so, the only file in that directory) in about:plugins.  I guess Seamonkey is using the newer plugin, just not retrieving the version from it, or not doing so correctly

----------

## greyspoke

So I moved libflashplayer.so, stopped Seamonkey, started it again (when about:plugins reported no plugins installed), stopped Seamonkey, moved the file back, started Seamonkey and about:plugins reports the correct version and Seaminkey behaves itself  :Very Happy:   I guess it remembers the version number but doesn't re-check it unless it thinks it needs to.  And doesn't think too clever at that point.

----------

