There have been several “zero day” flash player exploits released in the past week or so, and today I find that firefox is automatically blocking flash from running on web sites I visit.
Some will remember a while back when firefox had an update that broke our chat rooms for a while, but this current issue is completely different.
Firefox choosing to block flash this way is a little heavy handed, but I think it’s for very good reasons. I preferred the way they chose to block the bad java plugin some time ago – it showed a little thing on the screen with a warning for me right where the object was that I was expecting to see. This time around it just makes our chat rooms appear to not function, and no big warning in their place. Just the blue screen of “no connection” death that some see when they get banned.
With a few other web sites I visited this morning I do see a little bar run across the top of the browser window with a message about flash being blocked. I noticed last night on the “check if your plugins are up to date” screen withing firefox there was a nice big message that said “all versions of flash player are vulnerable right now” – or something like that.
The good news is that you can click the red icon in the address bar and click to allow the flash to run on our chat rooms page and everything should work fine. It’s not easy to see that option, so I’ll post a little screen shot.
Only allow flash for our chat rooms / this site – and with a GREAT BIG WARNING
– our chat rooms script is fine, and our ads and such are not open to third parties publishing new things like some other places.
If you click links that other people post in the room, I strongly suggest you check to make sure your flash player is not working on those pages.
I would NOT enable flash on places like tumblr. I would not allow flash on anything Yahoo even.
For years people have said “surfing porn sites, of course you got a virus” – like you deserved to get a virtual std when clicking over to check out some porn? WTF?
Well these days you can get one of these flash player exploits that take over your entire computer system when visiting plain Jane sites like yahoo – and other places that allow for third party ads to be displayed on their network. There have been many cases in the past couple of years where massive amounts people got infected when visiting basic web sites like huff post and others that rely on third party ads. Sure some porn sites employ similar third party ad systems, and those can infect your system, even if the porn site web master has not added any exploit code him or herself.
So the morale of this story – bad bugs in flash were released to world some days ago – the good guys found one, adobe patched that the other day. Then a couple more were discovered, and as of this moment Adobe does not have a fix for this issue – so the good guys and a bunch of bad guys have the “computer takeover bug” in their hands, and they are going to publish it all over the web wherever they can. It’s best to not use flash right now, and will be best to check for updates every day – or several times a day, at least through this week.
There may be more of these flash bugs that are found in the 400 Gigabytes of code that was released – so be prepared for updates as they become available, and I highly suggest surfing the web in general with a browser that has flash disabled / turned off.
You can read some details about firefox choosing to block all flash via this article at zdnet.
There is an article at Mashable showing how to disable flash yourself in different web browsers here.
A few pics / screenshots showing some of the blocked flash things I ran into today:
I have been banned for no reason I don’t Chat under age etc. and I don’t know why.
we r allowed to fuck on line aren’t we
why am I banned
So far, I haven’t been able to get back into any of the chat rooms or much else with even the newest Firefox and Adobe fixes!
Last fix lasted 2 hours before it too got blocked.
There’s also some sort of java message that pops up momentarily, but never with any identifier on it.
have run into about 9 different sites having same problems, even Explorer 11 is not running Adobe Flash today.
maybe net control and censorship is covertly happening right in front of us and we’re too blind to see it?
Just read an article that says a new Java zero day exploit has been found in the wild. Another computer addon program / sometimes web browser plugin that has a known hole, with no fix yet – http://www.zdnet.com/article/java-zero-day-security-flaw-exploited-in-the-wild/
Current suggestion is to turn off Java in your browser until a patch is released.
This is another drive by hack – which means if you have java running in your browser, just visiting a web site that has the evil code in it somewhere will auto-infect your system.
I assume this can also be delivered via third party ads – and so could show up on tumblr or any other place that we tend to think of as mostly safe.
I just disabled java plugin and actually went into remove programs and just removed all versions of it. I’ll get back to java next month maybe.
good safe point Nash, might have to stay away from this site too regardless, until the damn bug is found and stopped.
It hit our comps at work this week, slowed the whole process and server to a crawl.
Today, even MS Excel and Word began jamming up.