[arch-general] current flash vulnerabilities - what to do?

Francis Gerund ranrund at gmail.com
Thu Jul 16 17:01:09 UTC 2015


Just noticed in Firefox 39.0-1 preferences an entry "Flash video".  In the
drop down menu next to it, "Use mplayerplug-in is now gecko-mediaplayer
1.0.9 (in Firefox)" is selected.

Gecko-mediaplayer 1.0.9-1, Build Date: Tue 27 May 2014 is installed.

I could uninstall gecko-mediaplayer, but quite a few things in Firefox
preferences in (other than "Flash video") seem to be set up to use it
also.

So, unless I want to lose a lot of functionality in Firefox (and mplayer
37379-3, and elsewhere?), should I just switch the menu selection
in Firefox to "Always ask"?


Or is there a better idea?


On Thu, Jul 16, 2015 at 11:32 AM, Ralf Mardorf <ralf.mardorf at rocketmail.com>
wrote:

> On Thu, 16 Jul 2015 12:20:48 -0400, Daniel Micay wrote:
> >On 16/07/15 12:06 PM, Ralf Mardorf wrote:
> >>
> http://www.theguardian.com/technology/2015/jul/14/facebook-end-adobe-flash-firefox-blocks-hacking
> >
> >Mozilla blocked the vulnerable version, as they've done in the past.
> >The current release isn't blocked because there aren't yet disclosed
> >security vulnerabilities.
> >
> >Google bundles the PPAPI Flash player with Chrome so they don't need a
> >comparable blacklist as it gets updated with the browser.
>
> That's not why I posted this link. I posted it regarding the
> quote of Facebook’s head of security Alex Stamos:
>
> "It is time for Adobe to announce the end-of-life date for Flash and to
> ask the browsers to set killbits on the same day."
>


More information about the arch-general mailing list