50% Firefox Users Running Vulnerable Flash Version
Mozilla, which has assessed the user traffic to its latest web-page, has advised users of Firefox to install the latest version of the Adobe Flash Player plug-in, informing that over 50% of the users had an unsafe edition running on their systems. It found that an estimated 30% of the said users went for clicking the link to the update.
Actually, a couple of days prior to the time when Firefox 3.5.3 and 3.0.14 were released, i.e. on September 4, 2009, Johnathan Nightingale, Head of Security at Mozilla, had declared that when users consider upgrading to the fresh editions, they must also be instructed to update their Flash Player. This decision was taken when Mozilla found attacks exploiting security flaws within the widely-used Adobe software, which have recently grown in volume.
An examination of the expired version of Flash Player is being conducted during its first run on "whatsnew" webpage. Accordingly, users who were identified working with vulnerable Flash Player editions received an alert along with a direct web-link leading the user to Adobe's website; and from there, the latest version could be easily downloaded and installed.
Says Mozilla that from among the 6 Million people who adopted the Firefox updated versions 3.5.3 or 3.0.14, a little over 3 Million were identified working with an obsolete version of Flash Player. Merely 35% of them informed that they had an unsafe installation clicked on a link while upgrading to the fresh version.
This clearly indicates that about 2 Million Firefox users continued to be susceptible to exploit assaults despite Mozilla alerting them that their current Flash Player version could give rise to stability and security problems and that they needed to immediately update Adobe Flash Player.
In the meantime, Mozilla's efforts towards supporting Firefox's security through the warning and suggestion appear to get only limited response.
Still, Mozilla is happy with whatever response has come about, since that figure is much higher than the 5% of users who followed the upgrade links by means of whatsnew webpage prior to the alert. In fact, Mozilla is even considering of expanding its project to encompass other plug-ins within the browser's future versions.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 07-10-2009