Earlier this year, in our 2015 Threat Report, our own Sean Sullivan predicted that Chrome, Firefox, and Microsoft would announce an iterative shift away from supporting Flash in the browser by 2017. Last month, we covered the announcement made by Google.
As predicted, just yesterday, the Firefox developers made a similar announcement on their blog.Firefox will begin dropping Flash support by blocking specific SWF files via a blocklist. The list will initially contain just plugins designed for “fingerprinting”. As stated by the Firefox developers, the criteria for adding content to the blocklist are:
The blocklist will be expanded to cover more types of content throughout this year, and by the beginning of next year, Firefox will require click-to-activate approval from users before a website activates the Flash plugin for any content. The next major Firefox ESR (Extended Support Release) release, scheduled for March 2017, will, unfortunately still continue to support plugins such as Silverlight and Java until early 2018.
The guys at Mozilla state that these changes will improve browsing stability, battery life, and performance. For us, the great news is that these changes will improve browsing safety, by greatly reducing the attack surface exploit kits have to work with.
And with that announcement, it’s two down, one to go.