Firefox to Block Flash in August, Disable in 2017

four year old flash bug

Starting next year, Firefox users who navigate to pages that contain Flash will be asked their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing.

Starting next year, Firefox users who navigate to pages that contain Flash will be asked for their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing.

Benjamin Smedberg, Manager of Firefox Quality Engineering at Mozilla, confirmed in a blog post on Wednesday that the browser will also begin blocking non-essential Flash content next month, as another step to making the browser run more efficiently.

“These and future changes will bring Firefox users enhanced security, improved battery life, faster page load, and better browser responsiveness,” Smedberg said before acknowledging that the proliferation of sites running HTML5 for video has led to a gradual decline in Firefox crashes over the last year and a half.

Plugin-crash-rate-in-Firefox

By blocking specific Flash files, particularly invisible ones, Smedberg, claims Firefox should be able to reduce Flash crashes and hangs further – by up to 10 percent. To start, the company is planning to block a select few types of Flash, mostly SWF files.

Flash content that can be blocked without being noticeable to Firefox users, and Flash content where it’s possible to replace the functionality with HTML will come next and are candidates for a blocklist on Github Mozilla is maintaining.

Smedberg urged any developers still using Flash or Silverlight for video or games to plan on adopting HTML5, if they haven’t already planned on doing so. Smedberg also urged anyone using Flash to measure content viewability for advertising to consider shifting to a new API it plans on unveiling later this year. Flash content used in this fashion will be added to the blocklist around the same time Mozilla deploys the API.

Mozilla switched all NPAPI plugins to click-to-activate last month when it pushed Firefox 47. Mozilla previously announced plans to remove support for NPAPI plugins by the end of 2016 but according to Wednesday’s blog post, it appears the company has opted to push the deadline back to March 2017. Around next March is also when Firefox’s next Extended Support Release, should see a release. That build will support Silverlight and Java until the beginning of 2018, Smedberg said, to help users who may need more time.

Google first began pausing Flash ads in Chrome last year and announced in May that the browser would move away from Flash and default to HTML5 in Q4 later this year.

The platform has managed to remain a constant source of frustration for users and system admins alike, even as companies continue to distance themselves from it. Earlier this month, in one of its biggest updates of the year, Adobe was forced to patch 52 vulnerabilities in the platform, most of which could lead to remote code execution. Attackers have kept pace; using a zero day vulnerability in Flash to spread ransomware in April and another in June to hit high-profile targets in Russia and Asia.

Suggested articles

Discussion

  • asdfasdf on

    excuse me, but FF asks for concent for using the Flash already now... At least it askes me everytime I visit website with flash.
  • bbhank on

    I own this damn machine! if i want to run old versions of any software it's my choice!
    • Buka on

      Fuck Flash. Full of security issues.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.