Adobe has patched two zero-day vulnerabilities in Flash discovered in documents uncovered in the cyber-attack on controversial surveillance tools developer Hacking Team.
The two ‘critical’ flaws (CVE-2015-5122 and CVE-2015-5123) were the 37th and 38th Flash vulnerabilities found in the month of July so far and had led to Mozilla block all versions of Flash in Firefox until an update was released, claiming it was too dangerous to run by default.
Mozilla’s decision was the latest piece of negative publicity for after Facebook’s new chief security officer Alex Stamos called on Adobe to set an end of life date for the much-maligned plug-in due to the sheer number of security threats.
It is unclear when the Mozilla will lift the block on Flash, but Mark Schmidt, head of Firefox support at Mozilla, did say on Twitter this would happen once a patch had been released.
“To be clear, Flash is only blocked until Adobe releases a version which isn’t being actively exploited by publicly known vulnerabilities,” he said in a Tweet yesterday.
TechWeekEurope has asked Mozilla when Flash might be re-enabled but had not received a response at the time of publication.
Are you a security pro? Try our quiz!
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…
Elon Musk firm touts cheaper EV models, as profits slump over 50 percent in the…
Bad news for Tim Cook, as Counterpoint records 19 percent fall in iPhone sales in…
TikTok pledges to challenge 'unconstitutional' US ban in the courts, after President Joe Biden signs…