Mozilla To Protect Adobe Flash Users

juct writes "Beginning with versions 3.5.3 and 3.0.14 of Firefox, Mozilla is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to 'protect users from emerging threats online.' Just recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."

Guaranteed to work

[Norsefire]

"WARNING!! The version of Adobe Flash you are using is out of date and contains security holes, please upgrade by clicking here ..."

Oh dear, I don't understand what this means. Luckily my son, who got sick of me ringing him for computer help, told me what to do whenever I encounter a box I don't understand; click the X, or click cancel, or ignore. Now back to clicking on every ad I see.

Of course, that isn't likely to happen. It would be more like:

WARNING!! The version of Adobe Flash you are using is out of date and contains security holes, unfortunately you are using Internet Explorer so there is no warning.

Re:

[Anonymous Coward]

I got my parents to use Firefox. (of course, for some reason, they call it "Mozilla" and not "Firefox")
They're mostly happy, except you can clearly see the porn my dad goes to thanks to the smart location bar.

See, it's not impossible.

Re:Guaranteed to work

[RiotingPacifist]

ctrl+shift+P FTW, that way nobody has every found out that i like gay midget donkey porn!

Re:

[commodore64_love]

>>>i like gay midget donkey porn!

Big deal. At least that's legal. I like porn starring 15-year-old men and women, and for some reason I'm in jail? (shaking head). Illogical.

Re:

[badkarmadayaccount]

Mod parent insightful.

Re:

[Rockoon]

Prude!

Re:

[drseuk]

Just be grateful the Mozilla Protection Project is sponsored by Google and not Durex.

Re:

[Jurily]

Yet.

Re:

[trawg]

It's an interesting branding issue - a significant proportion of the non-technical people I know that use Firefox call it Mozilla (though my dad keeps mispronouncing it "Mot-zilla", and he's not the only one I've met that does that).

Re:

[binarylarry]

Where I work, all the stupid fucking management call it "Mazolla."

You know, the MBA types.

Re:

[maxume]

It's not their fault that blonds are more fun.

Re:

[PsychoSlashDot]

It's an interesting branding issue - a significant proportion of the non-technical people I know that use Firefox call it Mozilla (though my dad keeps mispronouncing it "Mot-zilla", and he's not the only one I've met that does that).

Same cause as the one wherein I have to help my customers recover their Microsoft documents. Or fix the error they keep getting sometimes - they don't know when - in their Microsoft, which they refuse to write down. I've got a customer running two programs from Primavera (now owned by Oracle): Primavera Project Planner (P3) and Primavera Expedition. They're both "Primavera" to every employee at that customer.

The cause is marketing. Microsoft Windows. Microsoft Office Word 2007. Microsoft Internet Expl

Re:Guaranteed to work

[Midnight Thunder]

Oh I thought it should have been:

"Warning: You are using Adobe Flash, are you sure this such as good idea? How about some nice Dynamic SVG?"

Re:Guaranteed to work

[Late Adopter]

"Warning: You are using Adobe Flash, are you sure this such as good idea? How about some nice Dynamic SVG?"

That'd be great! Do you have any? This, ummm, isn't my website, you know. =P

Re:Guaranteed to work

[thanasakis]

Have you ever actually tried writing some nice dynamic svg?

Re:

[lukas84]

In 2015 i want my Mr. Fusion and flying Hovercars, not SVG.

Re:Guaranteed to work

[Hurricane78]

You contradict yourself twice in that little paragraph. What point is it you are trying to make?? ^^

I think they will simply click on that OK to upgrade, as they click on everything else. To support that, just make the cancel button look small, scary, not recommended, with a sick face and a burning computer on it, and make the OK button 80% of the rest of the dialog, and make it look like a "red cross love palace for health, safety and happiness".
I'm serious!

Also, here in Germany, most people use Firefox, you insensitive clod! :P

Re:

[commodore64_love]

>>>just make the cancel button look small, scary, not recommended, with a sick face and a burning computer on it, and make the OK button 80% of the rest of the dialog, and make it look like a "red cross love palace for health, safety and happiness".
>>>

This is what Paypal does when they ask, "Are you sure you want to use a credit card to pay?" with a gigantic "NO" and a little barely visible "yes I'll take the risk" next to it. I would prefer that my computer not adopt the same

Re:

[fluffy99]

Don't be a wuss. Upgrade the Flash its free and gets rid of a gigantic hole in your browser. I feel you're pain on Acrobat as they stopped supporting the ancient versions. But of course those versions can't handle all the files and features generated using the latest versions anyway. If you just want to print to PDFs, there are better free programs out there.

Re:

[value_added]

Oh dear, I don't understand what this means. Luckily my son, who got sick of me ringing him for computer help, told me what to do whenever I encounter a box I don't understand; click the X, or click cancel, or ignore. Now back to clicking on every ad I see.

How the fuck does a post that consists of incoherent rambling get modded up?

The above pseudo anecdote may have been funny if the fine article involved Firefox opening dialog boxes, but that's not the case. Either the OP either didn't read the article, or

Re:Guaranteed to work

[Dragonslicer]

How the fuck does a post that consists of incoherent rambling get modded up?

Um, this is Slashdot. You have been here before, right?

Re:

[aoheno]

Need tech support from the son but can post /.? Awesome. Can he help me get my great-grandmother to post?

Presumably

[drseuk]

the remaining 20% don't use Flash then?

Gnash?

[the_one(2)]

I admit i don't use flash very often because it's annoying and Adobe's flash plugin uses way to much CPU, but is it still needed? Gnash has worked for me every time I've tried it lately (admittedly mostly for youtube). Tried it now with a flash game and it seems to work.

Re:Gnash?

[RiotingPacifist]

Switching is too much of a PITA, if gnash works for 70%+ of content and i could easily load adobe for the other 30% (new games etc), i would switch too! Unfortunatly on linux switching requires me to run a script and restart firefox. Ideally gnash could chainload adobe flash but the devs probably hate the idea of accepting partial defeat, unfortunatly until they do its too much of a PITA for day to day use!

Re:

[dazjorz]

I don't know how it works, but in the default Firefox on Ubuntu, I can switch live between Gnash and Adobe Flash by a "plugins" button to the bottom right corner of every window. Maybe it's Ubufox doing that, not sure. Last time I used it it was a little buggy sometimes, but overall it works quite well.

Re:

[The MAZZTer]

Sounds like it doesn't from your post-parent. Mind giving some reasons why it "sucks"?

Re:

[TheRaven64]

For one thing, it doesn't (or, last time I checked, didn't) support the BBC iPlayer, which is about the only reason I would want flash to work. On the plus side, it does work with a lot of simple Flash adverts...

And Good For Them!

[Toad-san]

I've found replacements for Adobe Reader and Real player (Foxit and Real Alternative), but couldn't find a replacement for the Flash player (alas).

This is better than nothing. I have Flash (and all other scripts) turned off by default in my Firefox browser, but am still forced to use it to see some things.

Yeah, I know the troglodytes won't understand the warning, but it might give them the slightest clue that something's wrong.

Re:

[Onymous Coward]

... couldn't find a replacement for the Flash player (alas).

Eventually it'll be findable. In the form of standard HTML.

For a good number of uses that Flash is currently put to HTML is already the answer.

Re:

[vcompiler]

To put everything in a marked language standard is really a bad idea. If want to replace Flash, replace it with another better-design or more open PLUG-IN. Plug-in model is how software can be built by collaborative organizations and how each component remains clean-designed and well-maintained.

Re:

[characterZer0]

He wants a replacement for the flash client so he can see what others have created, not a replacement for the flash technology so he can create with something else. Such replacements already exists: Silverlight and JavaFX.

Re:

[tepples]

For a good number of uses that Flash is currently put to HTML is already the answer.

That is, if all the major browser makers can agree on a codec for the <video> element.

Re:

[Bri3D]

"Standard HTML" is sort of an oxymoron.

Yes, you can do a lot of what's done on the web in "standard" HTML - but then you have to wrangle it into every "standard" browser, which turns out to be subtly different and full of bugs compared to the next.

It's not even possible to point the finger straight at Microsoft any more - Firefox has its fair share of bugs and an awful lot of non-standard DOM extensions, and every browser disables and enables a certain feature which the next supports. Support is even added

Re:

[Onymous Coward]

Gosh, you'd almost think that it would be impossible to build a website.

People build websites. Websites that work across multiple browsers. It can be done.

And it'll get easier now that no one browser has the lion's share and a vested interest in subverting the platform.

Re:

[The MAZZTer]

I find using NoScript to keep Flash off until I want it on is quite acceptable. It may still be a risk if you frequent sites that allow users to upload their own flash content, but as long as you only visit such sites that screen and approve such content before making it public you should still be OK.

Re:

[sowth]

I have a suitable replacement for flash. Take a strobe light, a 555 timer, capacitor, resistor and power transistor. Connect them into a nice circuit, setting the timing freq for about 1 sec. Shove face into strobe light. Turn on power! Instant replacement for flash, and you don't even have to watch any "punch the monkey" ads.

Does flash not already do this?

[RiotingPacifist]

Doesn't flash already prompt you to upgrade from an old version?
if so how will this warning be more effective (unless they add an auto-update feature)?
if not, WTF ADOBE!!!

Re:Does flash not already do this?

[postmortem]

It does, sometimes on system startup; however it only installs updated plugin for Internet Explorer.

Re:Does flash not already do this?

[A Friendly Troll]

I have never had Flash notify me that it needs an update. Ever. The only time I've seen the notification was on a single computer at the office.

A few days ago I was given this link http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html [macromedia.com] - I think it was somewhere on Slashdot, either in the article, or in the comments. Sure enough, I went there, and Flash was set to never notify me of updates.

Worth checking out.

Re:

[Sulphur]

We are sorry, this page is designed to work with version 8 or greater. You are using version 10.

Re:

[smoker2]

Hear, hear.

Re:

[Krneki]

Only if you have Adobe bloatware installed on your PC. I like to keep it clean, so I remove all the Adobe crap from the Auto-start menus.

Re:

[fluffy99]

No it does not. Some websites check the version and prompt you, but its not a feature of flash itself. I wouldn't mind if Firefox popped up a warning at startup, letting me know there is a new version of available if the installed version has a significant vulnerability. Something similar to the nag screen about updating the add-ins. You better give me an option to ignore the warning though, as I may have a valid reason for not upgrading such as breaking a corporate app.

Re:

[smoker2]

It is a feature within Flash itself. Because they fucked up an earlier version, my perfectly valid flash movies show a warning to upgrade to version 10, even though I'm using version 10. I certainly didn't put anything in the script or on my website that would check for version and give warnings, so who did ? I'm not saying Adobe makes it check for updates, I'm saying Adobe provided the ability in actionscript or by some other means, for the developer to check the version from within flash.

Re:Hmm -- Mod up parent

[billsf]

Don't know who this guy is, but this is what developers are like. Maybe if they had a key sequence to do it, it would be easier for us. Then again I don't ever expect Mozilla to beat FreeBSD on an exploit.

Here is patch

[dvh.tosomja]

+ function IsFlashVulnerable(FlashVersion) {
+ return true;
+ }

one of the major reasons I don't use Flash

[Onymous Coward]

Just recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in.

It's an easy/appealing target vector. With the slow revving even the most recent version hangs your ass out in the wind to a substantial degree.

Now just throw in a good website (server/framework/XSS/whatever) exploit and you've got a serious worm.

For the worth of the putative benefits I am not encouraged enough to hang my ass out for Flash. (Except I do have it installed! Just kept dormant until I (rarely) click my NoScript button.)

Automatic updates

[chrisgeleven]

I am really surprised browser makers aren't doing automatic updates for plugins like Flash. That is really the only way to keep them up-to-date.

Re:

[Sosigenes]

I have been thinking the same thing. I dont think I have ever been prompted to upgrade Flash on my current install, and it's quite far out of date. It's a shame Firefox can't use Mozilla's update functionality for updating plugins as well as addons, as then it would be seamless. In fact, I've just tried to find an easy way to upgrade Flash, and it seems the only way is to go back to the website and download it again?

Re:

[Junior J. Junior III]

Flash does notify me when there's an update available. I'm confused as to what more is needed, other than a truly secure Flash, and a secure environment to run it in.

Re:

[TheRaven64]

I'm more surprised that they don't run the plugins as an unprivileged user and reparent the window on X11 or use the platform's native sandboxing capabilities on Windows to prevent exploits in the plugin from compromising the browser, let alone the system. But then, popping up a dialog box when there are known vulnerabilities is easier than writing secure code.

Re:

[robmv]

Mozilla has provided the tools to do it with extensions, I do not know the reason why Adobe is afraid to build an XPI with Flash and publish all updates on Mozilla Add-ons site. They already do a yum repository for us, users of RPM based Linux dsitributions

Re:

[causality]

Mozilla has provided the tools to do it with extensions, I do not know the reason why Adobe is afraid to build an XPI with Flash and publish all updates on Mozilla Add-ons site. They already do a yum repository for us, users of RPM based Linux dsitributions

... because an XPI extension is written in XUL and/or Javascript, while a plugin is a compiled DLL that the browser loads up into its address space. they are two different things that work in different ways, even though they both add features to the browser. That's not to say that Flash couldn't be hosted on Mozilla's add-ons site, just that you are unlikely to see it in the form of an XPI file.

The real reason why you probably will never see it hosted on a non-Adobe server is simple enough. Nothing re

Re:

[robmv]

... because an XPI extension is written in XUL and/or Javascript, while a plugin is a compiled DLL that the browser loads up into its address space. they are two different things that work in different ways, even though they both add features to the browser. That's not to say that Flash couldn't be hosted on Mozilla's add-ons site, just that you are unlikely to see it in the form of an XPI file.

Why some people always assume the person that is talking has no knowledge of what he or she is saying?, please take a look at Mozilla Extension reference [mozilla.org] and you will see that you can package plugins inside an XPI (/plugins/* reference on the exampleExt.xpi sample)

Re:

[causality]

... because an XPI extension is written in XUL and/or Javascript, while a plugin is a compiled DLL that the browser loads up into its address space. they are two different things that work in different ways, even though they both add features to the browser. That's not to say that Flash couldn't be hosted on Mozilla's add-ons site, just that you are unlikely to see it in the form of an XPI file.

Why some people always assume the person that is talking has no knowledge of what he or she is saying?, please take a look at Mozilla Extension reference [mozilla.org] and you will see that you can package plugins inside an XPI (/plugins/* reference on the exampleExt.xpi sample)

No assumption was intended and I apologize for giving you that impression. I just honestly believed at the time that you had this wrong because I made a mistake. I stand corrected. Thank you for taking the time to point this out, because even when it's a rather inconsequential thing like this, I still don't want to believe things which are false.

If I may revise my answer to your question, I would speculate that they don't produce an XPI for the Flash plugin because it would be incompatible with IE, wh

Re:

[robmv]

Apologies accepted, and sorry for being harsh but I have been hit by that behavior many times here on slashdot....

Adobe already has separate installer for IE (ActiveX in browser installation) and the traditional .EXE installer for other browsers. Introducing and XPI will not remove the need for an EXE installer (other NP plugin based browsers need it) so you are right about the extra burden.

Adobe has a license for redistribution but is restricted to intranet cases, or public but only using physical media (a

Re:

[AlgorithMan]

That is really the only way to keep them up-to-date.

you must be a windows user... every friggin Linux Distro keeps flash up-to-date without third-party apps doing stuff, which is OS-business (especially when the user might not have administrator privileges)

Re:

[countertrolling]

That is really the only way to keep them up-to-date.

Well, yeah. If you trust automatic not to break something, or load your machine with junkware like the Adobe Download Manager(which seems unavoidable no matter how you install it)... In my case, just like in that old headache commercial, I'd rather do it myself.

A change of attitude

[TorKlingberg]

I am happy too see an open source developer dropping the attitude that if the bug is not in their code, then it's not their problem.

The next step would be to make sure that at least the most popular extensions work with a new version of Firefox when it is released.

Re:

[causality]

I am happy too see an open source developer dropping the attitude that if the bug is not in their code, then it's not their problem.

They're only having to do that because Adobe refuses to fix Flash. By that I do not mean the current approach of patch after patch. I mean really fix it, which would probably require reimplementing it from scratch using secure programming practices from the very beginning. Right now, the security history of Flash is a complete joke compared to anything else except maybe ear

Yeah, I got that.

[thePowerOfGrayskull]

Signed up for beta/testing FF updates. I get notified by FF that adobe is out of date. I click to install it. And lo! what installs? Not Flash... but some crappy Adobe Download Manager plugin whose sole purpose seems to be to download and install Adobe products. The Flash update did not ever download, even after FF restart.

Broke my own first rule on this one -- never download anything you're not 100% certain of - but it's still frustrating. If FF tells me it's taking me to install Flash, I think I should be able to trust that Flash is what I'm going to get.

swapping one exploit for another

[Anonymous Coward]

swap one exploit for another
http://www.google.com/search?hl=en&q=%22Adobe%20Download%20Manager%20%22%20exploit [google.com]

wtf is wrong with Adobe ? whats wrong with just providing the plugin and nothing else ?
i should also rant at Sun for installing their fkin Yahoo toolbar/spyware accross our corporate network on every Java monthly update or installing their quickstarter/net assistant Firefox plugins without permission,then there is Apple with their forcing "Safari" (another exploit vector) as a pre-ticked update

Re:

[countertrolling]

perhaps when they get tagged as badware and spyware their behaviour might change...

Can't remember where I read it, but one of the adware/antivirus removal companies was being sued by a junkware creator. I guess they didn't like being tagged. Shades of Gator(CLaria).

Completely off-topic

[agnosticnixie]

For added lulz - Adobe's CS uses a full copy of an old and vulnerable version of Opera for its home-phoning loading screens, and for bridge - and of course their retarded mac devs (there used to be a a few hacks to make CS3 work In mAcOS x Hfs+ wIth CAsE sEnsitIVIty because apparently their coders are drunk monkeys, now they disabled it by making it impossible to install CS4 if the root partition is on a case-sensitive FS - I said fuck it, deleted the trialware and just moved to alternatives that fill my ne

Re:

[PIBM]

What's the alternative to Photoshop CS4 ?

That could really be usefull!

Re:

[Ma8thew]

There is no replacement for all of Photoshop's functions, but the majority of the functions normal people use can be found in Pixelmator [pixelmator.com] or Acorn [flyingmeat.com]. For added points, Acorn has a Python powered plugin interface.

Re:

[agnosticnixie]

Sadly I don't use photoshop so I didn't have to look for a serious alternative, what tools I needed replaced were Illustrator and Flex (well, and Dreamweaver and Premiere in theory, but I've always handcoded that stuff and FCX/FCP seemed a better bet.
I'd be semi tempted to say Iris but the project looks dead even if it's not a beta, pixel is perpetual vaporware, chocoflop seems promising but some versions of the beta are crashy to say the least, and pixelmator seems mostly like gimp+isight plugin and last

Re:

[agnosticnixie]

GIMP 3 maybe, but right now, it's too limited if the editing happens to be photography.

Re:

[jayemcee]

Here's a link for the latest version of the player without the download manager attached. http://download.macromedia.com/pub/flashplayer/updaters/10/flash_player_update3_flash10.zip [macromedia.com]

Getting Flash to work was a pain

[billsf]

But FreeBSD will protect you. I doubt Mozilla will ever catch me with a vulnerable version unless you say all Flash is vulnerable -- a point I won't argue. At least I have a 'kill script' to kill an annoying flash page.
While preserving the text I really want. For most viewing (video) I use VLC, clive and a script to glue them together. (written is sh -- hint tested with bash too) See the benefits of open source software?

BillSF

Sorry Microsoft -- you sold the only good thing you had -- Office. Lets hope the

Real protection?

[hansamurai]

How about protecting my browser from an Adobe crash? I know you're working on isolated tabs, but hurry up already!

Re:

[maxume]

Flashblock (or noscript) does a pretty good job at this; most of the flash content that you want to run is also flash content that the creator cares about debugging well (as opposed to advertisements and such).

Re:

[nickysn]

It's called nspluginwrapper and has been in Fedora for ages. It wraps the Firefox plugins and executes them in a separate process. If that separate process crashes, the crashed plugin stops working temporarily. Reloading the page restarts the plugin again. It also allows running 32-bit plugins in a 64-bit browser. It only isolates the plugins and not the browser code, but the browser is quite stable nowadays, so I consider it an overkill and a waste of resources to run each tab in a separate process. If the

Re:

[CajunArson]

That's funny... nspluginwrapper tended to cause most of the problems I had with flash... since Adobe came out with the 64 bit Linux releases, I can't remember the last time the browser crashed due to Flash issues.

Oh hey

[Anonymous Coward]

I use chrome which sandboxes plugins so most/any vulnerabilities are likely to do no more than crash the current tab. Why not make the entire browser secure from the ground up rather relying on the human element to keep things right?

Re:

[Mashiki]

The browser is secure. I've mentioned this in other security forums, but flash & java went the way of ActiveX several years ago. "Playing outside the sandbox", a bad, bad idea. Soon as that happened, not only did it open a sluice of security vulnerabilities, but it broke the traditional sandbox concept of safe browsing. Now that doesn't stop the occasional stuff like buffer overruns, or divide by zero bugs to get control of a system. Bugs are bugs, but when you're able to send redirect requests to

Finally

[DaveGod]

Even as a long time FF user I keep going to the Plugins menu, looking for and wondering why there isn't a "check for updates" button, just like there is for extensions.

Most plug-in authors do have their own auto-update programs but I dislike using them - I keep having to disable them from loading at boot, and they seem to do other crap I don't want like try to installl their other crapware. Even just trying to download flash they want you to install some download manager first; there used to be a proper ins

Re:

[nickysn]

Even as a long time FF user I keep going to the Plugins menu, looking for and wondering why there isn't a "check for updates" button, just like there is for extensions.

In the long term, they're planning to implement that also: http://blog.mozilla.com/security/2009/09/04/helping-users-keep-plugins-updated/ [mozilla.com] This is only the first step in a multi-step process that weâ(TM)re going down: 1. The first is to do a check when we update the browser. This is what weâ(TM)ll include with 3.5.3. 2. Second, weâ(TM)re going to have a regular page that you can go to to check the state of other plugins as well. This will happen sometime this month. 3. Firefox 3.6 will ch

2o7.net

[saur2004]

The reason I have not updated my very old version of Flash is because I heard about Omniture and 2o7.net [slashdot.org] and no they have not sufficiently explained themselves to their user base.

In the meantime...

[MrNonchalant]

Here's a page that checks your Flash version and lists the latest version for the different browsers/operating systems: http://www.adobe.com/software/flash/about/ [adobe.com]

Re:

[Culture20]

Here's a page that checks your Flash version and lists the latest version for the different browsers/operating systems: http://www.adobe.com/software/flash/about/ [adobe.com]

That's nothing, I know a lot of pages that will check your flash version for the different browsers/operating systems, *and* attempt to install software for you. They might even entertain you while you wait.

Version checking applications

[Wowsers]

I don't think it would go down too well if version checking was built into the current version of Skype for Linux.

"Dear Linux user, your version of Skype has not been updated for 2 1/2 years, there are no new updates planned, and x86_64 versions are out of the question. Please feel free to vent to eBay where they will helpfully file your comments in /dev/null.

Thank you for choosing Skype."

Re:

[j_sp_r]

A newer beta was released a week ago. Still no x86_64 but I don't care that much (just install the 32 bit packages with it)

Re:

[Minwee]

Please feel free to vent to eBay where they will helpfully file your comments in /dev/null.

Why would eBay care [skype.com]? You might have better luck complaining to marca instead, since he just bought the frakkin' thing.

upgrade? Why not block

[IceFox]

If the user doesn't upgrade does it disable the plugin?

Re:

[PrimaryConsult]

That would be annoying for Linux users... while updating flash is not difficult, it is... awkward for less technically inclined users who had someone else set it up for them. As one who has set up such installs for people, I don't want to have to walk them through manually copying a new libflashplayer.so into their /usr/lib/blah/plugins directory every time a flash update happens.

Re:

[Minozake]

Not to mention possibly troublesome for multi-user systems on a guest account where flash is grabbed from a global directory. But, I suppose if a sysadmin were to update firefox, they should also probably update flash. If they don't value security, that is.

However, flash can be installed to ~/.mozilla/plugins/ for precedency over the global directory. I'd hate to be support on that:

User: "Where's .mozilla? I can't see it!"
Support: "What file manager are you using?"
[...]

Sounds stupid

[tengeta]

There are more holes in Flash than every version of Windows and MacOS combined. Updating may fix 3 of those issues at a time, while 50 more are found. Whoooooooeeeeeeeeeeeeeeeeeeeeeee

Flash cookies too?

[Pertain]

And how about also dealing with the privacy/tracking issues associated with Flash? Flash has the ability to stores cookies (LSOs or Large Storage Objects) with impunity. Flash cookies can be auto-deleted using a Firefox addon called "BetterPrivacy" but it should be built in to the standard Firefox privacy feature.

Maybe it's time for a latest-version.org.

[L-SWAT]

As said here : http://www.osnews.com/comments/22120 [osnews.com] What about Java? What about Quicktime? What about Unity? What about VLC? What about ... http://latest-version.org/latest-version.txt [latest-version.org] http://latest-version.org/linux.txt [latest-version.org] http://latest-version.org/quicktime-version.txt [latest-version.org] ...

Better yet, warn about any flash

[Baloo Uriza]

"This site uses a Flash plugin, instead of accepted and open internet standards. Flash has no public source code, and thus no critical peer review. Software with no peer review is intrinsically a security threat to your system. Automatically send nastygram to webmaster?" [Yes] [Search Google for a competing site]

Re:

[Kagetsuki]

Mod parent up! I personally surf with flashblock and rarely hit the activate button. I rarely use youtube or video sites, and when I do there is a plugin called DownloadHelper I have set up to download, convert to standard mp4, then play the video for me in mplayer. But you know what, having an auto nastygram button would be awesome! If an auto-nastygram plugin exists I'd like to know the name of it.

Re:Drunk the Kool-Aide

[RiotingPacifist]

I'm sorry in future we will try and make all releases of software perfect and not release until we are 100% sure no vulnerability will ever be found

~the hurd team

Re:

[bvankuik]

Just thought I'd notify people that the above message is from an imposter, NOT from the real Hurd team! Besides the giveaway of the high UID, look at the signature people. Looking at it? It should be signed off as the GNU/Hurd team. Double-duh!!!!1!!1

Re:More hand holding, more bloat. FF is getting sh

[coryking]

Why don't you just use Lynx or wget? You anti-"bloatware" people seem to make a stink about anything that isn't plain ASCII anyway.. why not just go all out and use the least "bloated" client on earth? I'm serious. Use wget. It seems more your style.