New Default: Mozilla Temporarily Disables Flash In Firefox

Trailrunner7 writes with news that "Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox." Two flaws that came to light from the recent document dump from Hacking Team could be used by an attacker to gain remote code execution. From Threatpost's article: One of the flaws is in Action Script 3 while the other is in the BitMapData component of Flash. Exploits for these vulnerabilities were found in the data taken from HackingTeam in the attack disclosed last week. An exploit for one of the Flash vulnerabilities, the one in ActionScript 3, has been integrated into the Angler exploit kit already and there's a module for it in the Metasploit Framework, as well. Reader Mickeycaskill adds a link to TechWeek Europe's article, which says these are the 37th and 38th flaws found in Flash so far this month, and that the development "is a blow for Flash after Alex Stamos, Facebook's new chief security officer, urged Adobe to set an 'end of life' date for the much-maligned software."

We need Flash, because it is easy to block

[sinij]

We need Flash because it is easy to block. You can remove a huge chunk of Web obnoxiousness by simply disabling/uninstalling Flash while not breaking the rest of the website. With HTML5, this won't be as straight-forward process.

Re:We need Flash, because it is easy to block

[gstoddart]

You got modded funny, but I tend to agree.

If the crap that Flash does is part of the HTML 5 spec, I really do worry we won't be able to block it quite so readily.

In which case the browsers become even less secure. That will be a bad thing.

Re:

[Anonymous Coward]

I disagree. There will still be third-party plugins to do this, plus now you get the option to easily roll your own. For example, on slashdot I have a plugin that runs :

$('video').empty().remove();

plus several other scripts to re-display content in a manner of my choosing.

Re:

[Gavagai80]

For videos, it's simple. For ads doing different HTML 5 animations, not so simple.

Re:

[SuperKendall]

Amusing but true, there's already a lot of HTML5 nonsense that goes on in many sites, even on browsers I specifically disallow Flash on.

I think what we need to advance user tech is "click to remove HTML5 element" with memory of what element you removed, that would automatically be scotched the next time you visited the same site. That way you could even allow "tame" ads if you liked, and just stop obnoxious floating elements that blocked content...

Re:

[tepples]

You can update the browser without crapping up the UI by installing Pale Moon.

Re:

[fermion]

I have used flashblock to control the flash player. Note the only reason I installed it was to stop autoplay flash. I can't really focus on anything else when a video is playing. With the implementation of flash blocking on Firefox, which stated, what, a couple months ago, flash no longer works at all. Flash has been on the decline since the smart phone did not have the power to run it and everyone is blocking it. Which, as mentioned, is a moot point as HTML5 provides autorun ads that have no control.

Chrome

[Anonymous Coward]

Won't this just cause frustrated users to switch to Chrome or another browser, further further hurting Mozilla's market share? Recently I went to a flash web site, it didn't work, so I booted up Chrome.

Re:

[Zontar The Mindless]

Opera.

The latest version of Chromium appears to be good for little other than crashing my desktop on startup.

Blue Moon

[FreeUser]

Blue Moon, baby, Blue Moon.

Installed it yesterday, won't be bothering with Mozilla again.

Re:Blue Moon

[Kargan]

Not seeing any hits on google for that one. Pale Moon?

https://www.palemoon.org/ [palemoon.org]

Re:

[wonkey_monkey]

Would that be Pale Moon you're thinking of?

Re:Chrome

[myowntrueself]

Won't this just cause frustrated users to switch to Chrome or another browser, further further hurting Mozilla's market share? Recently I went to a flash web site, it didn't work, so I booted up Chrome.

Yes, now you need 2 browsers; chrome and firefox.

Chrome for flash and Firefox for java.

Re:

[prefec2]

Google is also thinking to remove support for flash from Chrome.

Not really true (anymore)

[R.Mo_Robert]

Mozilla did block the then-latest version of Flash Player, 18.0.0.203, last night. Adobe released version 18.0.0.209 early today, which fixes this vulnerability and which Mozilla is not blocking. They didn't really block "all versions," they just blocked versions less than or equal to known vulnerable versions, which at that time happened to also include the then-latest version. Let's stop using misleading phrasing that will make people think they blocked any past, current, or hypothetical future version of the plugin.

Re:

[tepples]

Unless Title Guy edited the title in the past ten minutes, I don't see how "Mozilla Temporarily Disables Flash" is "misleading phrasing that will make people think they blocked any past, current, or hypothetical future version".

Re:

[R.Mo_Robert]

Unless Title Guy edited the title in the past ten minutes, I don't see how "Mozilla Temporarily Disables Flash" is "misleading phrasing that will make people think they blocked any past, current, or hypothetical future version".

Slashdot edited the headline--thanks for giving me the benefit of the doubt. :) The old one was something like "Mozilla disables all versions of Flash in Firefox."

Re:

[R.Mo_Robert]

Unless Title Guy edited the title in the past ten minutes, I don't see how "Mozilla Temporarily Disables Flash" is "misleading phrasing that will make people think they blocked any past, current, or hypothetical future version".

Slashdot edited the headline--thanks for giving me the benefit of the doubt. :) The old one was something like "Mozilla disables all versions of Flash in Firefox."

Wait, or maybe they didn't edit the headline, IDK (though I think they did)--but the story still implies the same (perhaps that's what I remember), that they're disabling "all versions," which is no longer true in any case.

Re:

[tepples]

Slashdot edited the headline--thanks for giving me the benefit of the doubt. :)

I guess it comes from my experience reading Cracked.com, which is notorious among its commenters for posting an article with an unfitting title and then changing its title [google.com].

Re:

[Anonymous Coward]

You know slashdot is slow, when even adobe have enough time to fix the flash before news actually hit the front page

Re:

[colfer]

Mozilla was blocking all Flash until the second update came out. The page https://www.mozilla.org/en-US/... [mozilla.org] clearly showed that. You could change it to from "disabled" to "ask to activate" if you chose to.

Chrome also updated today, but the bundled Flash player in Chrome is click-to-play by default. IE should do that with its bundled player. And Microsoft should use Windows Update to block the plugin player for old version of IE. And old Java in any browser, with an override available.

Re:Not really true (anymore)Let's stop using misle

[bill_mcgonigle]

Let's stop using misleading phrasing that will make people think they blocked any past, current, or hypothetical future version of the plugin.

Hey, there are a lot of linux users here - we're used to it. Mozilla has been blocking the current version [mozilla.org] of Flash on Linux for three years now. The people who know that codebase can't seem to figure out how to put in an if statement (I jest - they just don't give a fuck about it working).

Until Bugzilla comes back up, what bug is that?

[tepples]

Mozilla has been blocking the current version of Flash on Linux for three years now.

You cite a Bugzilla bug as evidence. But as of right now, Bugzilla is giving a "Service Unavailable" error, and Wayback Machine gives "Page cannot be crawled or displayed due to robots.txt." Is that the bug about implementing the entire PPAPI to use Google Native Client plug-ins? Or is it some other bug?

Re:

[MrL0G1C]

And their plugin check page still doesn't work for me.

And the page doesn't show a link to get flash.

Re:

[Forever Wondering]

But, Adobe did not update the Linux Firefox NPAPI version. It's still 11.2.202.481, which was listed as vulnerable.

The NPAPI version is an "extended support" release because Google came up with a new "universal" interface for all OSes, and, decidedly refused to map it on top of NPAPI [in order to kill Firefox in favor of Chrome]. Adobe adopted this and stopped active development on the NPAPI version. And, Firefox refused to support the new interface, saying that NPAPI was just fine.

Meanwhile, I'm still w

Re:

[Gavagai80]

Google wasn't trying to kill Firefox with pepper, they made everything Firefox needs to implement pepper available as open source and encouraged Firefox to add support. It's Firefox's choice not to implement it because they consider it "non-standard".

Can they fix Firefox popup blocked?

[Anonymous Coward]

Chrome can block popups, that Firefox lets through. This is because Flash is doing the popup, and Firefox does not catch the CreateWindow, but Chrome does. Firefox only intercepts the normal web window creates.

So at least for the moment, this fixes Firefox's crappy non-functioning popup blocker.

Likewise Chrome now runs Flash in a separate process, because Adobe are so inept they cannot be trusted not to leave lots of security bugs in their products. So Google wrapped it in a process wrapper, the same way pe

Re:Can they fix Firefox popup blocked?

[tepples]

Chrome now runs Flash in a separate process, because Adobe are so inept they cannot be trusted not to leave lots of security bugs in their products. So Google wrapped it in a process wrapper [...] Firefox should do the same!

Firefox has been running Flash Player in plugin-container.exe [mozilla.org] for years.

Here we go again

[Virtucon]

Whack-a-mole with Flash continues this week with yet another zero day vulnerability with Flash being fixed. This is unsustainable. Time for Flash to really die.

Re:

[ColdWetDog]

Unsustainable? You even mention that Adobe has been doing this for years. It is about as unchanging as anything in computing.

Re:

[Virtucon]

For the past couple of months it seems like it's been a weekly cycle instead of once a month. Frequency and urgency of the patches brings more focus as to "why do we have this again?" There are a lot of companies out there that have Flash in their content distribution systems for Intranets and this zero day fire drill is getting old fast for quite a few of them. In the long run killing Flash is a good thing, killing Adobe would probably be better. Call it penance.

Broken OS X Updater

[Kozar_The_Malignant]

While I appreciate that Adobe endlessly updates Flash, the fact that they can't manage to write a functional updater for OS X makes me wary of the value of the updated code. When you have to completely uninstall Flash every time and reinstall it, I decided to stop after the uninstall.

Re:

[NJRoadfan]

Most of the time it doesn't work either. Very few machines seem to auto update with it enabled.

Flash in Firefox/Linux

[Zanadou]

If you're (forced to!) run the outdated version of Flash in Firefox on Linux, now might be a good time to go to the tools menu > addons > plugins and set Shockwave Flash to "Ask to Activate". Then the plugin will stay disabled per default, but can be activated on a per-site basis.

Adobe: "You're on your own."

Re:

[Blaskowicz]

It sucks as you can't set a whitelist (for soundcloud.com at least, and perhaps youtube for some convenience)

Have to add a random extension or two, but who knows how long the extension will work. I used flashblock for about a decade but somewhat recently, it imploded (I suppose it depended on one person that can't do the maintaining job anymore)

I got lazy and simply block the ads now. For a decade I had the web with ads and all flash blocked, now I have no ads (including the flash based ones) but there are

disable plugin

[mennucc1]

I have been using long this flash disable plugin [mozilla.org]. It is easy to use; it is simple : it just triggers internal configurations that Firefox has always had. It adds a button to enable flash on those few sites were Flash is used for content and cannot be replaced. I recommend ticking 'Disable at startup' and 'Ask to activate' in the preferences. "Simple & easy" always provides better security.
Enough said.

Must not be in Firefox 42

[LocalH]

I run Nightly, and have the latest Flash installed (just updated it to make sure). Flash content seems to load fine, I get no blocking message.

Re:Isn't Flash extinct?

[pack27]

ESPN, Bleacher report, Faebook, Hulu, steam trailers, pretty much every single news website, etc.

Re:

[paul_metcalfe]

This may prove an excellent incentive for those websites to stop using such dangerous technologies.

I've had flash on "ask to activate" by default for a while now, and it wants to activate on almost every fucking website I visit. I don't see any flash elements on those pages. It's probably used solely for advertising by most sites.

But yeah, youtube don't need it anymore. You can still watch your cat vids.

Re:

[omnichad]

Flash + cookie + Web storage + Etags = supercookie

Re:

[bigpat]

Adobe should provide/sell tools that will enable people to convert their Flash content into the equivalent standards based browser supported formats. If they make it easy they will have created an essential web development tool in the process. If they stick with Flash they are just milking the dead horse.

Re:

[Citizen of Earth]

ESPN, Bleacher report, Faebook, Hulu, steam trailers, pretty much every single news website, etc.

Those don't even matter. PORN sites use Flash. QED.

Re:

[CaptSlaq]

I care about none of those things. Youtube uses html 5 just fine.

Most of the time. Not all of it though.

Re:

[Gizan]

MY forced HTML5 Youtube is still asking to activate flash for every video...

Re:

[BitterOak]

I care about none of those things. Youtube uses html 5 just fine.

How do you get to the HTML5 version of YouTube? Whenever I play a YouTube video, it uses Flash. I know this cause if I right click on a video a menu pops up and one of the options is "About Adobe Flash Player". Is there a different URL for the HTML5 site, or is there a settings menu somewhere where I can change it?

Re:

[BitterOak]

Ooops. Sorry to answer my own question, but after a bit of research (which I should have done before posing the question, I guess) I found the answer. It's at www.youtube.com/html5 I guess it just isn't the default yet.

Re:

[Anonymous Coward]

I care about none of those things.

Oh well we dont need it then.

I seriously can't believe how self-involved and ignorant some people on here are. People like you are why the stereotype of anti-social, geek basement dwellers is proliferated, you define it.

Re:

[gstoddart]

Depends on your definition of "useful".

A lot of people seem to complain about how tragic it would be if people could no longer access games.

Me, I'm of the opinion Flash has been a terrible security/privacy nightmare as long as it has existed and don't install it on my machines.

Flash is long overdue to be killed off.

Being the source of at least one security exploit every month for the last 15 years tells me it's a Steaming Heap of Innovative Technology, and always has been.

Flash is only part of evercookie

[tepples]

Flash LSOs are only one persistence means used by the evercookie library [samy.pl]. It also uses HTML5 localStorage, IndexedDB, pixel values in cached images, and other methods.

Re:

[FranTaylor]

The one reason that flash does not run on the iPhone

is because apple doesn't want their users to get mad at their virus-laden phones

Re:Isn't Flash extinct?

[LocalH]

When Jobs made the decision to disallow Flash on the iPhone, there were no third-party apps. Period. There wasn't even a jailbreak, since he made the decision prior to the release of the original iPhone. So, his decision had nothing to do with the App Store, since it didn't exist.

Re:

[ConceptJunkie]

Perhaps, but I'm sure it was on his mind. Apple is really good at thinking ahead.

In the long run, disallowing Flash is probably a good thing. I don't use any iProducts, but I pay attention to Apple because they are very influential.

Re:

[msobkow]

What Apple wanted was lock-in to their tool chain, so all interpreters were blocked from release for iOS. It's not about "forward looking" -- it's about being able to sell an Apple Mac to every single developer out there that wants to run their tool chain. Money, money, money. And more money.

Re:

[jo_ham]

It really wasn't - they were pushing web-native apps that you'd add to the springboard pretty hard when the iPhone launched. Just not ones that were powered by Flash because it was a performance and security nightmare.

The App Store was something they were not expecting would be as big as it was.

Re:Isn't Flash extinct?

[Stewie241]

Yes, that was the narrative at the time - 'they are taking away our freedom'. In hindsight, even though I probably would have heavily criticized Apple for the move, and would have pointed to it as a reason to choose Android, the reality of the situation was, at least in my experience, that Flash on Android was a rather shitty experience that never really worked that well. And while it seemed arrogant and annoying that Steve Jobs tried to use his sway to annihilate Flash as a platform, I now believe that it was for the best. Flash has a heavy impact on battery life, is generally a lot slower, and is generally less secure than native alternatives.

So, yes, Apple made a seemingly arrogant move and exiled Flash from the iOS platform, but in the long run this drove development toward alternatives and pushed web developers to use technologies that were more mobile friendly (like using HTML for your content instead of some flash application) and I think the overall net effect for the web community has been positive.

Re:

[LinuxIsGarbage]

. . .the reality of the situation was, at least in my experience, that Flash on Android was a rather shitty experience that never really worked that well.

That's been my experience on PCs as well.

-Websites. Typically it seems things like small restaurants, make their whole site in Flash and it's a slow, obnoxious POS. Usually it's a basic page that could handle simple HTML. All I want is your hours, menu, address, and phone number.
-Annoying fucking ads. The CPU will rev for no apparent reason.
-Videos, like Youtube, will rev the CPU and be all jittery. Rip the FLV, play it in VLC (or whatever), and the CPU will just sip power and play silky smooth, even on a 1

Re:

[sribe]

The one reason that flash does not run on the iPhone is that a man with a black collar did not want all kind of flash games on his phone, he wanted to sell those games native from the app-store, and take a percentage on that.

Bullshit. More like: Adobe up to that point had been unable to deliver a usable mobile Flash, and in fact, years later, still had not, and in fact, years later completely abandoned the development effort.

Re:

[jones_supa]

For Finnish people, YLE Areena [areena.yle.fi] is kind of important. That's the national public-broadcasting company's programme streaming website.

Re:

[Culture20]

Finns can't figure out how to use html5 video? Or are they contracturally obligated to use flash?

Re:Isn't Flash extinct?

[jones_supa]

They give a reasoning [yle.fi] in the FAQ:

"Yle Areenan videot toimivat edelleen Flash-soittimen avulla. Flash-soitinta käytämme siksi, että HTML5 standardi ei medioiden jakelussa tarjoa vielä sellaista suojausta, jota tekijänoikeuksien haltijat Yleltä vaativat. Vaatimukset tulevat sekä ohjelmantoimittajilta, että musiikin tekijänoikeusjärjestöiltä. Käyttöliittymätekniikkana HTML5 on käytössä, kuitenkin niin että palvelu on saavutettavissa myös vanhemmilla selaimilla."

Translation: "Yle Areena videos still utilize Flash player. Flash is used because the HTML5 standard does not provide sufficient content protection that the copyright holders expect from Yle when distributing media. These requirements come from both programme distributors and music copyright organizations. HTML5 is being used in the user interface, but in a fashion that older browsers are also supported."

Of course that information is now a bit obsolete, as these days HTML5 supports DRM as well.

Re:

[Dutch Gun]

From what I've heard, some sites like Crunchyroll are still contractually obligated to use Flash because of the DRM that Flash uses. I wouldn't be surprised if Amazon Prime is similarly constrained. Maybe that will change if, as you say, HTML5 can use DRM now, but things like that take a while to change.

It's ridiculous, because it's not exactly hard to grab a torrent of just about any show you want with just a tiny bit of effort. The DRM prevents NO ONE from pirating their shows. I pay for service for a

Re:

[paul_metcalfe]

My national broadcasters used Silverlight. This angered many people because of obvious reasons.

Max schadenfreude of course when MS pulled the plug on Silverlight

Re:Isn't Flash extinct?

[Jamu]

It's mostly on Facebook that I notice I've not got Flash installed. I especially like the way it tells me my technology is out of date.

Re:

[Zontar The Mindless]

I don't know how useful you consider the site, but this morning's Firefox update broke YouTube for me.

Re:

[ColdWetDog]

Bug or feature?

It's so hard to tell these days.

Re:

[Zontar The Mindless]

Well, I was wanting to listen to some James Brown.

OTOH, if I'd visited YT due to an attempt at rickrolling me...

Re:

[dissy]

I don't know how useful you consider the site, but this morning's Firefox update broke YouTube for me.

If you uninstall Flash plugin from Firefox, Youtube will detect no flash plugin and instead use HTML5 video which works natively.

But just having the Flash plugin, be it disabled or blocked or if you have Javascript lie, will cause Youtube to fall back to trying (and failing) to use the Flash player.

A good "emergency" tip for youtube, although all the other websites without HTML5 video versions (aka all the other ones I use) will of course remain broken - or in the case of Flash per-page blocking, will break

Re:

[ConceptJunkie]

The OK, the latest release of Flash I updated to about two days ago crashes about 1 out of every 3 times. I use Pale Moon, but it seems to me that Firefox blocking Flash is a lateral move.

Re:

[HideyoshiJP]

I don't know of many. I know vSphere web console uses it, but I use IE for that. I've also seen a few stores still using it for zoom controls on product images.

Re:

[mlts]

I still don't get why VMWare dropped the client around ESX 5.0. The client definitely doesn't have the features of the Web client... but it worked quite well.

Looks like I might have to do with VMWare what I do with some older embedded appliances that require Java (and break on any new Java version), and that is to have a VM set up on a separate cluster (to protect against chicken/egg scenarios) whose sole purpose in life is to be for logging into vSphere.

That, and be able to do vSphere command line work, s

Re:

[lgw]

Can't you use VMware Workstation now as a substitute for the horrible vSphere client? The UI of Workstation was always worlds better, and they added full vSphere support several years ago IIRC.

Re:

[mlts]

Never tried, as I've always punted the OVF/OVA files manually, but don't think it would do well with managing cluster or datacenter objects. Even backing stores isn't a concept in VMWare workstation (as it just uses the OS filesystem for that.)

Thankfully, not much has to be done to spin up a new VM, less if one uses some top tier abstraction utility.

Re:

[lgw]

The Workstation team added all those concepts to their UI, though, just to be a full replacement for vSphere.

Re: Isn't Flash extinct?

[buchanmilne]

I use the vSphere Web console on Chrome/Linux, because it doesn't work with the npapi version of flash. There are still some things that the Web console doesn't do well (e.g. copy a generated mac address) that the thick client does better. But was the thick vSphere client available for OS X?

Red Hat Enterprise Virtualisation is a better in that regard, requires a (spice) plugin for the virtual kvm, but doesn't require flash.

The other thing I need flash for is submitting my tax return (in South Africa). About

Re:

[0xdeaddead]

yeah, my F5 load balancers. Oh and VMWare since they decided that was the way to go.

Re: Isn't Flash extinct?

[cyber-vandal]

Yes

Re:

[Darinbob]

Youtube still does by default. You can get HTML5 but you have to manually alter the URL to do so. Thus any links you have from social media that head back to Youtube will almost always use Flash.

Re:

[0123456]

Last I looked, at least one major auto manufacturer's web site was entirely Flash. There's no reason for it, since there's a Flash-free version for iPads, but even Android tablets got the Flash version, which didn't work because... no Flash on Android.

Re:

[jones_supa]

Facebook videos can now be viewed with HTML5.

Re:

[Feanturi]

Some can, some can't. Flash is not installed on my machine, and I can see various videos without it, but some throw the "missing plugin" tile.

Re:Isn't Flash extinct?

[gstoddart]

It's one of the 3 browsers I keep open all the time.

I don't give a damn about any of their new features. But it's the one which is set to not run any javascript ever or accept cookies and has the most locked down settings.

It's my "I don't trust you" browser.

Re:

[mlts]

I tend to rotate between FF and Chrome for general Web browsing, although I wrap both with sandboxIE pointing towards a different drive volume [1], or I put the browser in a VM. This way, no matter what type of supercookies are saved, they get dumped. Of course, this doesn't help with browser fingerprinting, but there are other ways to deal with that.

Firefox can be well configured with add-ons to limit the scope of what can be done. No ads, Javascript, Flash, social media tokens, all easily selected per

Re:

[Grishnakh]

People who want to use the best browser, that's who.

IE is trash of course, and Chrome, while it was a good option a while ago because FF was so buggy and Chrome was leaner and faster, today Chrome is a slow memory hog and FF has fixed most of its problems and runs much faster and with far less memory.

Cities with

[tepples]

It's time for you to find a new place to do your banking.

That's not practical for everyone, especially if you happen to live in a place that has only one bank's ATMs. When I went to college from 1999 through 2003, only Terre Haute First Financial Bank had ATMs in Terre Haute, Indiana.

Re:

[FranTaylor]

That's not practical for everyone, especially if you happen to live in a place that has only one bank's ATMs.

My credit union reimburses me when I use another bank's ATM and I get charged.

My credit union lets me deposit a check by taking a picture of it

There is no reason for me to use one of their ATMs.

Re:

[tepples]

It depends on how ready these companies are to make their "flagship products" available to users of iOS and Android.

Re:

[gstoddart]

If you're on Windows, essentially you keep IE around to run the shit you wouldn't enable in any other context but you need for work.

For me, IE is the browser of last resort, or the one I exclusively use for work stuff.

AFAIK, IE is happy to keep letting every insecure piece of crap keep running.

I've essentially got four browsers configured for different purposes.

Re:

[myowntrueself]

If you're on Windows, essentially you keep IE around to run the shit you wouldn't enable in any other context but you need for work.

For me, IE is the browser of last resort, or the one I exclusively use for work stuff.

AFAIK, IE is happy to keep letting every insecure piece of crap keep running.

I've essentially got four browsers configured for different purposes.

I did try IE but its been so slow and crashes on so many sites...

Re:

[chefmonkey]

You don't suppose that the reason IE is slow and crashes on so many sites is precisely *because* it's so promiscuous regarding third-party components that are poorly written, do you? Of course you don't, because that would require admitting that what Google and Mozilla do -- blocking shit that ruins your experience -- is actually the only sane way to be good stewards of Chrome and Firefox. And you've already assumed that they're just doing that to piss you off.

Re:

[myowntrueself]

You don't suppose that the reason IE is slow and crashes on so many sites is precisely *because* it's so promiscuous regarding third-party components that are poorly written, do you? Of course you don't, because that would require admitting that what Google and Mozilla do -- blocking shit that ruins your experience -- is actually the only sane way to be good stewards of Chrome and Firefox. And you've already assumed that they're just doing that to piss you off.

This isn't for $randomsite

This is for work related stuff, very limited selection of 'sites' mostly actually hardware that has user interfaces in the browser. Some people use this stuff in their work, you know?

Re:

[gstoddart]

Wait, what?

So, you want a browser which doesn't disable crapware when it become so broken as to be dangerous. But you also want a browser which doesn't suck?

You're joking, right?

Re:

[myowntrueself]

Wait, what?

So, you want a browser which doesn't disable crapware when it become so broken as to be dangerous. But you also want a browser which doesn't suck?

You're joking, right?

People actually, believe it or not, have jobs that involve using flash and/or java in their browsers.

Re:

[gstoddart]

Which in no way changes that both the Flash and Java plugins are horrible, flaky, insecure, and deprecated.

As I said, you pretty much have to keep one browser for all the shit you shouldn't trust, and one for the rest.

But don't be surprised when the horrible, flaky, insecure and deprecated plugins demonstrate why they're all those things.

When your company sticks you with garbage, you're stuck with garbage. It sucks, but the solution isn't for everybody else to try to make Flash and Java suck less when used

Re:

[myowntrueself]

Which in no way changes that both the Flash and Java plugins are horrible, flaky, insecure, and deprecated.

As I said, you pretty much have to keep one browser for all the shit you shouldn't trust, and one for the rest.

But don't be surprised when the horrible, flaky, insecure and deprecated plugins demonstrate why they're all those things.

When your company sticks you with garbage, you're stuck with garbage. It sucks, but the solution isn't for everybody else to try to make Flash and Java suck less when used on web pages.

Mozilla are protecting most of their users. Your IT department can protect you.

If Flash is going to be on it's 38th exploit of the month, I applaud Mozilla disabling it. Because it really always has been a pile of shit, and has always been insecure beyond belief.

Yes its true, companies make you use unsecure, crappy browser plugins to manage their hardware. Companies like Supermicro, Dell, Cisco, the list just goes on and on.

Re:

[peppepz]

It's not that Firefox disables flash behind your back: it displays a security warning in place of flash boxes, having a button to enable the plugin again. Also, it will only do it for versions of flash which are known to be vulnerable. This is quite a good thing IMHO: remaining within the nanny terminology, it's not a matter of how much grown up you are, if you have a vulnerable plugin, and you visit a compromised site, your machine will be owned.

Re:

[brunes69]

Except the OPs other example, Chrome, offers no workaround. Chrome removed all support for NPAPI, and therefore Java, from the Linux codebase. There is no command line flag or back-end setting to bring it back This makes it IMPOSSIBLE to use Chrome for work purposes by a huge number of people, and forced us all to Firefox.

The only way to get it back is to build it from source yourself, since no one has created a fork yet.

Re:

[QuasiEvil]

I'm okay with the warning/enable system in FF, but I really wish they'd add a global button of "yeah yeah, fuck off and enable it because I said so and I'll take the risk" for when I really need to get stuff done and I'm tired of having to click on the flash box on every damned site.

Re:

[myowntrueself]

I'm okay with the warning/enable system in FF, but I really wish they'd add a global button of "yeah yeah, fuck off and enable it because I said so and I'll take the risk" for when I really need to get stuff done and I'm tired of having to click on the flash box on every damned site.

exactly!

I want a "I know what I'm doing and only using this browser on known sites just get out of my way and let me do my fucking job" browser.

Vector animation

[tepples]

Flash has historically been used for vector-based multimedia. If, say, Strong Bad emails or French Erotic Film [albinoblacksheep.com] were converted to MP4 or WebM, they'd be ten times bigger (source: my tests) and thus count ten times more against your ISP's monthly cap. Sure, Adobe's newer tools can export .fla to HTML5, but those tools are available only for rental, and anything needing the .fla works only if the original author is still contactable.

Re:

[tepples]

Then it serves up html5

Until the BBC catches on to this workaround. After that, the BBC will likely start serving up links to Google Play Store.