Mozilla has blocked the Flash plug-in by default on its Firefox browser, after a host of bugs were found that were being used by criminals to attack users.
Mozilla said the block may only be temporary, suggesting it may reverse its decision if Flash’s developer Adobe fixes the security flaws. Other tech companies including Apple have long blocked the plug-in, which is used to show videos, adverts and other multimedia content online.
The move follows leaks from Italian IT security company Hacking Team, which was – rather ironically – hacked in early July. Documents released by the hackers show the group had on file several Adobe flaws, which could be used to target users when a browser uses the plug-in.
Adobe has rushed to fix some of the flaws, but Flash is always a major target for hackers, which is why Apple won’t let it run on iPhones and iPads. Google’s Chrome is set to start blocking Flash adverts from playing by default, but Google says this isn’t for security-related reasons, but rather to make sure it doesn’t weaken battery life on phones and tablets.
How will it affect you?
The change doesn’t mean you can’t use the Flash plug-in; it simply means Flash multimedia content will no longer play by default. If you load a web page in Firefox that has Flash content, the browser will show a pop-up bar with the message: “Firefox has prevented the unsafe plug-in ‘Adobe Flash’ from running”. In the banner, there is a button to “allow” it to play, though before clicking you’ll want to think twice to make sure you trust the source. You’ll be able to let Flash run just that time, or turn it back on permanently.
The tide does seem to be turning against Flash, though. Chrome’s advert ban could be the final nail in the coffin for the beleaguered plug-in because it may force advertisers to switch to HTML5, a different – and potentially safer – way of displaying multimedia content. Netflix and YouTube already use HTML5, for example.
As a web user, you probably won’t notice the difference between Flash and HTML5. Your videos will play the same criminals. You can turn off Flash yourself in Chrome by typing chrome:plugins into the address bar, and then clicking the Enable/Disable link under Adobe Flash.
What do we think?
Mozilla’s decision was overdue. Five years ago, Apple’s then-CEO Steve Jobs wrote an open letter with his “thoughts on Flash”, explaining the many reasons why his company was dropping the software. Its poor security was just one point of several.
At the time, many criticized Jobs for trying to control the web, but he appears to have been correct in picking HTML5 over Flash. Five years on, others have followed suit. Mozilla and Google have taken steps away from Flash, and major online video sites already favor HTML5.
The whole debate highlights how slowly the web evolves. It’s been well known for years that Flash has severe flaws, but it’s taken too long for web companies to move to a better, safer alternative. In the meantime, users have been left using software at regular risk of being hacked. It’s time for all websites and browsers to drop Flash, especially since moving to HTML5 is so smooth most users wouldn’t even notice it happening.