Flash player blocked?
When I go to websites using Flash in Firefox, I get this warning:
This plugin is vulnerable and it should be updated.
Mozilla's plugin check agrees:
Adobe Flash Player Shockwave Flash 11.2 r202 vulnerable 11.2.202.438
But if I follow the update link and download the Ubuntu version (opening with Software Center) I get
There isn’t a software package called “adobe-flashplugin” in your current software sources.
If I run
sudo apt-get update
sudo apt-get install -y flashplugin-installer
I'm told
flashplugin-installer is already the newest version.
So how can I update?
Another update: Currently Flash may be blocked if it doesn't show as having the right version - e.g. for me it shows as 11.2.202.569 in Firefox (and gets blocked), but the package has 11.2.202.577 installed (the flash lib binary also shows 11_2_202_577, so something's broken). Basically it is up to date if it matches the version here.
UPDATE (from https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/FirefoxAndAdobeFlashNPAPI):
Firefox blocks Adobe Flash NPAPI plugin for 11.2.202.481 and earlier
Several serious security vulnerabilities were found in Adobe's flash plugin with exploits known to be in the wild. Because of the critical nature of the vulnerabilities, the Mozilla foundation decided to block this version of the plugin. Unfortunately, at the time of the blocklist, only the PPAPI version of the plugin (as used by chromium) was available and Firefox users found the NPAPI plugin was blocked via Firefox's click-through security mechanism.
UPDATE: As of 2015/07/16, Adobe released 11.2.202.491 which fixes all known issues for PPAPI and NPAPI and updates are available for Ubuntu
Timeline
- 2015 Jul 14: Adobe releases flash plugin security update for PPAPI ahead of NPAPI
- 2015 Jul 14: Ubuntu Security contacts Adobe regarding NPAPI. Ubuntu told NPAPI plugin will be ready soon
- 2015 Jul 14: Ubuntu releases adobeflash-plugin and flashplugin-nonfree with updates for PPAPI only
- 2015 Jul 16: Adobe releases updates for NPAPI (11.2.202.491)
- 2015 Jul 16: Ubuntu releases adobeflash-plugin and flashplugin-nonfree with updates for NPAPI (11.2.202.491), including the previous PPAPI fixes
SecurityTeam/KnowledgeBase/FirefoxAndAdobeFlashNPAPI (last edited 2015-07-16 13:36:40 by jdstrand)
You should be able to update/install it using:
sudo apt-get update
sudo apt-get install flashplugin-installer
(or sudo apt-get install --reinstall flashplugin-installer, sudo apt-get remove --purge flashplugin-installer && sudo apt-get install flashplugin-installer, etc.)
or, it should also be updated if you use:
sudo apt-get update
sudo apt-get upgrade
Flash is currently being blocked in Firefox by default in all versions:
Anyway, to fix it:
- Open the Add-ons Manager ('Tools' > 'Add-ons', about:addons, Ctrl+Shift+A)
- Go to Plugins
- In the dropdown next to 'Shockwave Flash' select 'Ask to Activate'
(Please only do this if desperate - YouTube and other sites now have an option to use HTML5, which should be used in preference to this.)
This is due to the unfixed security issues in the Adobe Flash plugin, which can be widely exploited by attackers.
The Flash plugin in general is very insecure and should be replaced - apparently Adobe and others should be reducing the use of Flash to replace it with HTML5, WebGL and other open standards. One of the reasons (other than they couldn't be asked...) that the Linux version of Flash is stuck at 11.2 (the version for Linux gets security backports for 5 years from release) is due to the supposed roadmap with which Adobe will remove Flash support globally (supposedly).
See also:
- Twitter - Facebook Security Chief's view on the matter
- The Register - Adobe: You just don't know what it's LIKE having to look after Flash security
Just do this
sudo apt-get install flashplugin-installer
I noticed that all versions of Adobe Flash (current version on all operating systems) are now blocked from automatically running. What I did, with Firefox closed, was open up the home folder, show hidden files, then go to .mozilla/firefox/*.default and edit the pluginreg.dat file. Search for your version (mine was 11.2.202.481, located under the entry /usr/lib/flashplugin-installer/libflashplayer.so:$ in the file). I changed the 11 to 19 and no more annoying message from Firefox. Now Firefox thinks my version is 19.2.202.481.
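An added example (not part of any post above): a read-only shell check that compares the version string inside libflashplayer.so with the 11.2.202.491 threshold from the wiki quote and with the version Firefox has cached in pluginreg.dat, reporting an outdated library or a cache that disagrees with the binary. The function names, the MIN_FIXED variable and the assumed pluginreg.dat layout are illustrative assumptions, not a documented format.

```shell
#!/bin/sh
# Added example (not from the posts): read-only audit of the Flash NPAPI plugin.
# MIN_FIXED is the July 2015 value from the wiki quote; raise it to the current minimum.
MIN_FIXED="11.2.202.491"

# ver_lt A B: succeed if dotted version A is strictly lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# lib_version FILE: version embedded in the plugin binary. Assumption: it
# appears in the underscore form (11_2_202_577) that the answer above quotes.
lib_version() {
    LC_ALL=C tr -c '0-9_' '\n' < "$1" | sed 's/^_*//; s/_*$//' |
        grep -E '^[0-9]+_[0-9]+_[0-9]+_[0-9]+$' | head -n 1 | tr '_' '.'
}

# reg_version PLUGINREG LIBPATH: version Firefox cached for that library.
# Assumption (from the last post): the version is on a line below the
# "<path>:$" entry and also ends in ":$".
reg_version() {
    awk -v p="$2:\$" '
        $0 == p { found = 1; next }
        found && /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:\$$/ { sub(/:\$$/, ""); print; exit }
    ' "$1"
}

# check_flash LIB PLUGINREG: prints one verdict; status 0 = OK, 1 = library
# older than MIN_FIXED, 2 = cached version differs from the library, 3 = unknown.
check_flash() {
    lv=$(lib_version "$1"); rv=$(reg_version "$2" "$1")
    if [ -z "$lv" ]; then echo "UNKNOWN no version string in $1"; return 3; fi
    if ver_lt "$lv" "$MIN_FIXED"; then
        echo "OUTDATED library=$lv minimum=$MIN_FIXED"; return 1
    fi
    if [ "$rv" != "$lv" ]; then
        echo "MISMATCH library=$lv pluginreg=${rv:-none}"; return 2
    fi
    echo "OK library=$lv"
}

# Run as: sh SCRIPT <path to libflashplayer.so> <path to pluginreg.dat>
if [ "$#" -ge 2 ]; then check_flash "$1" "$2"; fi
```

A MISMATCH verdict means the version Firefox applies its blocklist to is not the version of the library actually loaded, so the browser's "up to date" state cannot be trusted until the cache and the package agree.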