After a momentary banishment, Flash is back on Firefox.
Adobe Flash, the much-loathed, bug-plagued relic of a browser plugin, was blocked by default on Mozilla’s Firefox browser on Monday, a day after Facebook’s security chief called for Adobe to kill Flash once and for all.
Mozilla had banned Flash after two critical vulnerabilities in Flash’s code were discovered. The holes in the Flash software could allow someone to remotely take over your computer and infect it with malware.
Adobe squashed those two bugs on Wednesday, and Mozilla subsequently announced that Flash had been re-enabled on Firefox.
The Flash-bashing picked up last week after revelations that Internet bad guys known as the Hacking Team had been using Flash to sneak into people’s computers and load spyware onto them. (That discovery took place after the Hacking Team was itself hacked, and documents revealed in the breach showed that the Hacking Team exploited the Flash vulnerabilities).
“It is time for Adobe to announce the end-of-life date for Flash,” tweeted Facebook security chief Alex Stamos on Sunday, following the Hacking Team news.
Mozilla’s support chief Mark Schmidt quickly followed suit by tweeting that all versions of Flash had been turned off in Firefox.
Flash is growing less important on the Web. Just under 11% of websites use Flash, according to W3Techs, a technology survey company.
The add-on browser extension allows rich content to be viewed. It had been widely used a decade ago, powering most of the Web’s games, animations and videos. When YouTube launched in 2005, its videos were entirely Flash-based, requiring its audience to install the Flash plug-in software in order to watch YouTube media.
But the tide began to turn in 2010, when Steve Jobs wrote an open letter rant about Adobe’s security, blaming the company’s Flash player for being “the number one reason Macs crash” and citing Flash for having “one of the worst security records in 2009.”
Jobs was right — Flash does have a miserable security record, and continued to be bug-ridden long after publishing his open letter. It habitually tops Symantec’s annual list of vulnerable plug-in programs.
The iPhone never supported Flash. Though Android smartphones originally supported Flash — and used that fact as a selling point — Adobe killed Flash support for all smartphones in 2011. YouTube has been experimenting with playing videos natively in the browser several years ago and officially parted ways with Flash in January 2015.