Alex, Mozilla has blocked older versions of the Java plugin (on Windows) recently (http://blog.mozilla.com/addons/2012/04/04/update-on-java-blocklist/) so it seems possible that older versions of the Flash Plugin may be blocked at some time in the future if the situation warrants.
See http://blog.mozilla.com/decoder/2012/04/06/why-an-outdated-java-plugin-is-so-serious/ for some discussion of the circumstances surrounding the Java block. Overall I think that click to play is the feature that will mainly be used to protect users from older/vulnerable plugins in general, but that is my personal opinion :) Also please note that there's a pre-release sandboxed version of the Flash Player plugin for Firefox (http://blogs.adobe.com/spohl/2012/02/09/adobe-flash-player-for-firefox-gets-a-sandbox-2/) and Flash Player for Firefox recently has shipped a 'silent update' feature (http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html), both of which help mitigate attacks against Firefox users' Flash plugins. thanks ian ----- Original Message ----- From: "alex mayorga" <[email protected]> To: [email protected] Sent: Monday, April 9, 2012 6:14:31 AM Subject: Bug 526019 - Blocklist vulnerable versions of flash for Firefox Hello! Thanks on trying to make the web more secure. Would https://bugzilla.mozilla.org/show_bug.cgi?id=526019 be ever actioned on? Regards, Alex _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
