From InfoWorld: Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.
Computerworld confirmed that the current production versions of Firefox -- dubbed v. 39 -- on both Windows and OS X now block Flash.
Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.
Since then a third Flash zero-day has cropped up.
Neither the second or the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.
Mozilla added the current-as-of-Monday Flash Player 18.0.0.203 to Firefox's "block list" early Monday, and by day's end engineers had finished their work, tested the block and released it to Firefox users.
View: Article @ Source Site
