Following the critical security flaw revealed in Adobe’s Flash player this week, calls to see the decommissioning of Flash have been on the rise.
Mozilla’s Firefox has blocked Flash on all of its browsers and Facebook are considering discontinuing its use on their social media empire.
The moves come following a series of vulnerabilities in Flash being actively exploited, including those exposed by the Hacking Team compromise.
Firefox users seeking to view Flash-based content, such as videos, adverts or more complex web tools for uploading images and other actions, will need to click again and accept a warning that “Flash is known to be vulnerable. Use with caution”.
That means users of Firefox cannot use Flash by default and will not be able to until Adobe patches the security bugs and updates the plugin. Adobe has struggled to keep up with the number of bugs and vulnerabilities being exposed within Flash.
At the same time, Facebook’s head of security Alex Stamos, who is previously credited with significantly improving the security of Yahoo’s operations, called for Flash to be killed off.
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) July 12, 2015
Stamos said that a date for the decommissioning of Flash needed to be set in stone so that the industry has time to switch away from the much maligned plugin.
“Nobody takes the time to rewrite their tools and upgrade to HTML5 because they expect Flash to live forever. We need a date to drive it,” said Stamos.
Many alternatives have been made available to replace Flash. Several high-profile video streaming services, including Sky TV and Netflix switched to Microsoft’s Silverlight instead of Flash. Even Silverlight, however, has been rejected by browsers including Google’s Chrome, forcing others to use HTML5.
The move towards using native HTML5 for the majority of Flash uses has been welcomed by most, although some services that require digital rights management to secure licences have resisted the move.
Should Facebook ditch Flash wholesale, which is still used by some of the games and apps published on the social network by third-party publishers and a few of its own upload tools, it would send a powerful message.
The majority of the large US technology companies, including Google and Apple, which famously blocked Flash from existing on its iPhone and iPad, have moved towards more modern and secure technologies.
Stamos and others are advocating that now is the time to put Flash out to pasture.