Adobe has patched two zero-day vulnerabilities in Flash discovered in documents uncovered in the cyber-attack on controversial surveillance tools developer Hacking Team.
The two ‘critical’ flaws (CVE-2015-5122 and CVE-2015-5123) were the 37th and 38th Flash vulnerabilities found in the month of July so far and had led to Mozilla block all versions of Flash in Firefox until an update was released, claiming it was too dangerous to run by default.
Mozilla’s decision was the latest piece of negative publicity for after Facebook’s new chief security officer Alex Stamos called on Adobe to set an end of life date for the much-maligned plug-in due to the sheer number of security threats.
It is unclear when the Mozilla will lift the block on Flash, but Mark Schmidt, head of Firefox support at Mozilla, did say on Twitter this would happen once a patch had been released.
“To be clear, Flash is only blocked until Adobe releases a version which isn’t being actively exploited by publicly known vulnerabilities,” he said in a Tweet yesterday.
TechWeekEurope has asked Mozilla when Flash might be re-enabled but had not received a response at the time of publication.
Are you a security pro? Try our quiz!
Pretty please? Elon Musk's X requests permission from Brazil's Supreme Court to resume service in…
Restructuring plan for OpenAI's core business will turn it into a 'for-profit benefit corporation', amid…
Blackstone to invest £10 billion in data centre in England's north east, at proposed site…
One of the most privacy focused web browsers, Firefox, is at the centre of a…
All change again at OpenAI, as CTO and two other senior executives depart, amid a…
Congressional testimony sees CrowdStrike executive publicly apologise for faulty update that caused chaos around the…