TechRadar on a newly discovered Firefox vulnerability:
Mozilla has released a critical update for Firefox that repairs a security flaw that could have allowed hackers to run unauthorized code on a user’s PC.
The new release, fixes an issue with the browser’s interface code, part of which wasn’t properly sandboxed. This provided a possible point of access for malicious code to run on the host computer.
The vulnerability has been present in Firefox since version 56, which was released in September last year. There are no examples of it being exploited in the wild, but the potential threat led Mozilla to release a fix immediately.
Mozilla has already released the update, and it should be automatically installed if auto-update is turned on (it is by default).
Since Quantum was released, I have been using Firefox far more often than Chrome. Safari is still my main browser, but there are times when it fails to properly display certain web sites. On top of that, couple my Google distrust with Firefox’s lightning speed, and I feel comfortable with this change.
The Mozilla Firefox web browser now blocks Flash by default. And when I say “blocks,” I don’t mean it asks you nicely if you’d really like to use Flash. I don’t mean it automatically pauses Flash videos like Google Chrome. I mean Mozilla has decided that Flash is going down.
Why such a hard-on for Flash? Why now? Well, it could be that the world just rediscovered just how prone Flash is to nasty, nasty vulnerabilities. When the Hacking Team—an Italian security company that sold intrusive spy tools—got hacked, one of those tools got out into the wild. A nasty hole in Flash that Adobe has yet to patch.
And in fact, Mozilla’s Mark Schmidt says that once the “publicly known vulnerabilities” are fixed, Firefox will stop actively blocking Flash.
So what about the bigger picture? Why ask to get rid of Flash once and for all?
This is only good for older versions of Flash with known vulnerabilities. The most recently issued version of Flash appears not to be blocked .. yet.