Firefox Blocks Adobe Flash Player Plugin Due To Unpatched 3rd Zero Day Vulnerability.
Some of the places user didn't see the videos due to block. Exploits for these vulnerabilities were found in the information taken from HackingTeam in the assault revealed a week ago.
Adobe expected to patch these flash Zero days in this week, but at the meantime Adobe disabled all versions of plugin.
Adobe released 184.108.40.206 update version for flash player plugin today
In the Mozilla Statement,
"All versions of Adobe’s Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues."
Last week we reported Hacking Team was hacked and 400GBs Data Leaked. These zero days comes out from these leaks.
Firefox officially Tweeted,
We are committed to protecting our users from security risks. That's why–following an Adobe alert–we temporarily blocked #Flash in Firefox.— Firefox (@firefox) July 14, 2015
New Facebook Chief Security Officer (CSO) Alex Stamos tweeted,
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.— Alex Stamos (@alexstamos) July 12, 2015
In the Statement of Adobe,
"Security Advisory for Adobe Flash Player
Release date: July 10, 2015
Last Updated: July 12, 2015
Vulnerability identifier: APSA15-04
CVE number: CVE-2015-5122, CVE-2015-5123
Platform: Windows, Macintosh and Linux
Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015."
By playing any flash content in Firefox, top of the browser windows can read
"Firefox has presented the unsafe plugin 'Adobe Flash' from running on the target URL."