There have been several “zero day” flash player exploits released in the past week or so, and today I find that firefox is automatically blocking flash from running on web sites I visit.
Some will remember a while back when firefox had an update that broke our chat rooms for a while, but this current issue is completely different.
Firefox choosing to block flash this way is a little heavy handed, but I think it’s for very good reasons. I preferred the way they chose to block the bad java plugin some time ago – it showed a little thing on the screen with a warning for me right where the object was that I was expecting to see. This time around it just makes our chat rooms appear to not function, and no big warning in their place. Just the blue screen of “no connection” death that some see when they get banned.
With a few other web sites I visited this morning I do see a little bar run across the top of the browser window with a message about flash being blocked. I noticed last night on the “check if your plugins are up to date” screen within firefox there was a nice big message that said “all versions of flash player are vulnerable right now” – or something like that.
The good news is that you can click the red icon in the address bar and click to allow the flash to run on our chat rooms page and everything should work fine. It’s not easy to see that option, so I’ll post a little screen shot.
Only allow flash for our chat rooms / this site – and with a GREAT BIG WARNING
– our chat rooms script is fine, and our ads and such are not open to third parties publishing new things like some other places.
If you click links that other people post in the room, I strongly suggest you check to make sure your flash player is not working on those pages.
I would NOT enable flash on places like tumblr. I would not allow flash on anything Yahoo even.
For years people have said “surfing porn sites, of course you got a virus” – like you deserved to get a virtual std when clicking over to check out some porn? WTF?
Well these days you can get one of these flash player exploits that take over your entire computer system when visiting plain Jane sites like yahoo – and other places that allow for third party ads to be displayed on their network. There have been many cases in the past couple of years where massive amounts of people got infected when visiting basic web sites like huff post and others that rely on third party ads. Sure some porn sites employ similar third party ad systems, and those can infect your system, even if the porn site web master has not added any exploit code him or herself.
So the moral of this story – bad bugs in flash were released to the world some days ago – the good guys found one, Adobe patched that the other day. Then a couple more were discovered, and as of this moment Adobe does not have a fix for this issue – so the good guys and a bunch of bad guys have the “computer takeover bug” in their hands, and they are going to publish it all over the web wherever they can. It’s best to not use flash right now, and will be best to check for updates every day – or several times a day, at least through this week.
There may be more of these flash bugs that are found in the 400 Gigabytes of code that was released – so be prepared for updates as they become available, and I highly suggest surfing the web in general with a browser that has flash disabled / turned off.
A few pics / screenshots showing some of the blocked flash things I ran into today: