It's not looking good for Flash.
Mozilla's web browser Firefox blocked Flash Player, Adobe's once-ubiquitous browser plugin that brought us multimedia, games and video throughout the naughts, on Tuesday.
A message on Firefox's add-on page for Flash reads, "Flash Player Plugin 18.0.0.203 has been blocked for your protection." As noted on the plugin page, "old versions of the Flash Player plugin have known vulnerabilities."
Mark Schmidt, head of Firefox support at Mozilla, tweeted the news along with an image that reads "occupy Flash." In posting it, Schmidt clearly positions himself in the “Flash must go” camp.
BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. https://t.co/4SjVoqKPrR #tech #infosec pic.twitter.com/VRws3L0CBW— Mark Schmidt (@MarkSchmidty) July 14, 2015
Schmidt later explained that Flash is only blocked until Adobe releases a new patched version. His sentiment against the platform, however, was clear.
The action comes days after a critical Flash Player security flaw was found in the stolen documents from security company Hacking Team, which was itself hacked last week. Adobe promptly fixed that vulnerability, but days later more critical vulnerabilities were found; Adobe promised another fix this week.
To make matters worse for Adobe, Facebook Chief Security Officer Alex Stamos opined Sunday that it's time for the company to set an "end-of-life" date for Flash.
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.— Alex Stamos (@alexstamos) July 12, 2015
It's easy to understand why security experts are calling for an end to Flash. It has simply been plagued with too many security flaws and effectively replaced with HTML5. The beginning of the end was likely Steve Jobs' famous open letter on Flash. In 2010, Apple officially gave up on supporting the platform on iDevices; Jobs blasted it for being a closed, slow, insecure memory hog.
Adobe will likely fix the latest gaping security holes in the platform, but it seems fewer companies are ready to support something that's becoming less useful and more insecure every day.