Mozilla has decided to automatically disable all versions of Adobe Flash Player in the Firefox web browser, due to concerns over newly discovered security vulnerabilities.
Three vulnerabilities were discovered during the hack of controversial Italian firm Hacking Team, which saw 400GB of their internal documents leaked on 6 July.
The documents contained exploits for flaws in the ActionScript 3 and BitmapData components of Flash, and the ActionScript 3 flaw is known to have already been integrated into two different exploit kits. A third Flash zero-day vulnerability has already been patched by Adobe.
Exploit kits are sold by cybercriminals on the internet and enable anyone to hack a system that uses Adobe Flash and plant spyware, malware or some other type of malicious program into it.
Flash automatically disabled on Firefox
Adobe plans to patch the latest two vulnerabilities this week, but in the meantime, the Flash plugin will be automatically disabled in Firefox.
"All versions of Adobe's Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues," Mozilla writes on a support page explaining blocklists.
Adobe Flash is almost 20 years old and has had well over 100 security updates since the release of Adobe Flash Player 9 in 2007.
Prior to the Heartbleed OpenSSL security vulnerability discovered last April, Adobe Flash was considered to be one of the worst security vulnerabilities in terms of expensive consequences to businesses, and security experts have been warning users for several years to disable it on all computers.
Steve Jobs hated Flash for crashing Macs
Even Steve Jobs was hugely critical of Adobe Flash, and in 2010 wrote an open letter stating all the things he didn't like about it – such as Flash's lack of open web standards, and its propensity to crash Macs.
In 2012 Adobe stopped using Flash on mobile devices, but it is still used on many websites and to display old PC computer games.
Last week, Facebook's Chief Security Officer Alex Stamos chimed in too, calling on Adobe over Twitter to kill off Flash once and for all.
"Even if [it's done] 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once," Stamos wrote on Twitter.
There is even an Occupy Flash movement on the internet trying to encourage all users to uninstall and disable Flash on Windows, Macs, Linux and Google Chrome browsers, as well as preaching to web developers to only use HTML5 when designing new websites.