Mozilla has added all versions of Adobe Flash up to the most recent version 18.104.22.168 to the Firefox blocklist.
Security researchers have discovered vulnerabilities in recent versions of Adobe Flash that have not been patched yet by Adobe but are exploited in the wild. In particular, several exploit kits are already making use of it to serve crypto-ransomware to systems running Adobe Flash.
The blocklist lists browser extensions, plugins and other components that are blocked automatically by Firefox either directly or sometimes in the case of plugins, by setting them to "ask to activate".
The Flash vulnerability affects all versions of Flash on Windows, Linux and Macintosh systems.
Firefox displays a warning message on its plugins management page that Flash is vulnerable. As you can see on the screenshot below, Shockwave Flash has been set to "ask to activate" and not blocked permanently.
The difference between "ask to activate" and "never activate" is that Flash is not blocked completely in the former state which means that Flash contents can still be accessed in the browser. While that requires an extra click, it ensures that code on websites cannot exploit the vulnerability automatically without user action.
Options to switch the state are not available due to Flash being on the browser's blocklist.
Firefox displays a warning in the browser whenever Flash contents are embedded on a web page:
Firefox has prevent the unsafe plugin "Adobe Flash" from running on [website url].
The prompt displays options to allow the plugin on the page. If selected, Flash contents will be loaded and can be used just like before.
The blocklist update may not have been deployed on all Firefox machines. You may request a manual update of the blocklist at any time using the method below:
The blocklist should update if updates are available. If you have Flash installed in Firefox you should see the vulnerability warning now in the plugin manager of the browser.
Additional information about the blocking are available on [email protected].
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.