In association with heise online

03 September 2009, 16:12

Mozilla to protect Adobe Flash users - Update 2

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox's Flash Warning
Zoom Firefox's Flash Warning
The upcoming Firefox 3.5.3 and Firefox 3.0.14 releases, currently in beta, will check the version of Adobe Flash plug-in installed in the browser and warn the user if that plug-in is out of date. Johnathan Nightingale, "Human Shield" (Security Lead) at Mozilla confirmed the new security feature to The H and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online".

Mozilla is the first browser company to recognise that Adobe's Flash Player needs regular checks and updating. It is estimated that 80 per cent of users surf with a vulnerable version of Adobe's plug-in. A zero day vulnerability discovered in Flash Player in July took almost a week to fix.

The H noted the addition of the feature this morning, when on start up, a recently upgraded Mac OS X system running the beta of Firefox 3.5.3 displayed a warning page. Firefox had correctly identified a problem with an out-of-date version of Adobe's Flash Player which shipped with Apple's new operating system. The page displayed contained a button which when clicked started the update process. The H contacted Mozilla and they confirmed that the new feature will be appearing in Firefox 3.5.3 and 3.0.14.

Update - Further research into the implementation of the Flash checking shows that it is not built into Firefox itself, but into the What's New landing page on Mozilla's site. This, or a similar page, would be automatically displayed whenever Firefox is updated. JavaScript code in the page checks the flash version and displays appropriate update links. Whether Mozilla will ensure that Firefox always executes the JavaScript on this page has yet to be determined. Although by placing the code on a web page, Mozilla can more rapidly update the Flash checking code without having to release a Firefox update that only changes the version numbers that are checked.

Update 2 - Mozilla have now officially announced the Flash plug-in checks. Nightingale also confirmed to The H that the check will not be run if the user has JavaScript disabled.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit