Mozilla blocks Flash on Firefox due to Hacking Team exploits

Mozilla disabled Flash Player within Firefox on Tuesday, adding all versions of the software – including the most recent release – to the browser’s blocklist.

The reason for sweeping block of Adobe’s product can be traced to the Hacking Team exploits that were discovered in the cache of files leaked to the Web last week.

“All versions of Adobe’s Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues,” Mozilla tells users.

“Some websites use Adobe Flash to display content. However, attackers can also use the security flaws in Flash to run malicious software on your computer and gain access to your system. One way to protect yourself is by disabling or removing Flash, but if your trusted websites require Flash, you can change your plugin settings so that Flash runs only when you click to activate it.”

Anyone attempting to update Adobe’s Flash Player from within the add-on menu are directed to a notice explaining that Flash has been “blocked for your protection.” The initiative includes Flash Player Plugin version 18.0.0.194 up to 18.0.0.202.

The block was requested for Flash on July 8, the day Adobe patched the first of three newly discovered exploits developed by Hacking Team.

The first exploit was quickly added to the Neutrino and Angler exploit kits. Since then, researchers at FireEye and Trend Micro have discovered two additional Flash-based exploits.

If you have to use Flash Player and want to make sure you have the latest version installed (which is always a good idea) it can be downloaded directly from Adobe.

Patches for the remaining two Hacking Team exploits are expected sometime this week.

Adobe has updated Flash Player, Shockwave Player, and Adobe Reader. Users are advised to install these updates immediately.