- Adobe Flash 188.8.131.521 is available currently for Linux Mint 13 and 17.x, and for LMDE 1 and 2, through Update Manager. This fixes the security vulnerabilities.
With these steps Firefox on Linux Mint no longer blocks Flash content on all web pages. Well, till the next Flash vulnerability sees light of day. You might want to leave Adobe Flash on disabled or remove it altogether. Various distros are making that also the default for their next releases, shipping without Adobe Flash installed. Like me you will likely be surprised how many websites showed the annoying message asking to allow Adobe Flash but work perfectly fine without it once you've removed Adobe Flash.
Firefox has started blocking Adobe Flash content on all websites from today. This is security precaution by Firefox in response to a number of severe security vulnerabilities in Adobe Flash that have been exposed. You are vulnerable if you are using Firefox with Adobe Flash on Linux.
The list of vulnerabilities is: https://helpx.adobe.com/security/produc ... 15-18.html. Some more background information: http://arstechnica.com/security/2015/07 ... ava-0-day/.
Recently a large number of documents from the spyware development company "Hacking Team" have been exposed and these documents contain details on several unpatched security vulnerabilities in Adobe Flash. These vulnerabilities are severe and as these documents contain detailed information on how to exploit them there is a high risk that these are now actively being exploited by malware creators. Firefox will continue to block Adobe Flash content till Adobe has patched all these security vulnerabilities.
Q: How can I recognize that Firefox is blocking Adobe Flash content?
You will either see a bar like this at the top of pages that have blocked Adobe Flash content (click to enlarge):
Or you will see an image like this overlapping the blocked Adobe Flash content (click to enlarge):
Q: I don't see any messages in Firefox about blocked Adobe Flash content. What's up?
If you have temporarily or permanently allowed Adobe Flash content on a website, you won't be shown these messages on that website again (for temporarily for a limited time). It may also be the case that the page you are on doesn't have any Adobe Flash content.
Or possibly your Firefox hasn't refreshed its blocklist yet and is thus not yet actively blocking Adobe Flash content. The blocklist is periodically refreshed. You can force the blocklist to refresh immediately by following the steps under Forcing a Blocklist Ping.
Q: Can't I just disable Firefox blocking Adobe Flash content?
No. You can only allow Adobe Flash content temporarily or permanently on a per website basis. I would urge you to disable Adobe Flash altogether for the time being or if you do need Adobe Flash on some website to only allow it temporarily. If you disable Adobe Flash altogether Youtube will automatically switch to use HTML5 playback for videos.
Q: How can I disable Adobe Flash altogether?
Open Firefox and in the address bar type about:addons and press enter. Find Shockwave Flash in the list of plugins and change it from "Ask to Activate" to "Never Activate".
Q: Can't I just uninstall Adobe Flash?
Yes but this will only affect Firefox and other web browsers that use that version of Adobe Flash. Google Chrome and (optionally) Chromium use a different version of Adobe Flash (PepperFlash) in which these vulnerabilities have already been fixed on Linux. Disabling the plugin in each web browser you use suffices and you don't need to uninstall Adobe Flash to be secure.
If you do want to remove the Adobe Flash plugin from your system (the one used by Firefox) you can do so by searching for "flashplugin" in Sofware Manager an uninstalling it from there. Or on the terminal enter this command:
Code: Select all
apt purge flashplugin*
Q: Are other web browsers also affected?
Yes, but for Google Chrome and Chromium the vulnerabilities are already fixed by Google on Linux. Any web browser other than an updated Google Chrome or Chromium using Adobe Flash is vulnerable. I would urge you to disable Adobe Flash altogether in other web browsers as well or at least change it to "Ask to Activate".
Q: What can I do if I (also) use Google Chrome or Chromium?
Type chrome://plugins in the address bar and press enter. Confirm that Adobe Flash in the list of plugins has version 184.108.40.206 or newer. If it doesn't have that version yet, open Update Manager and apply any update for Google Chrome, Chromium Browser, and PepperFlash Plugin.
Alternatively, if you want to disable Adobe Flash in Google Chrome or Chromium type chrome://plugins in the address bar and press enter. Find Adobe Flash in the list of plugins and click "Disable".
Alternatively, to change Adobe Flash to "Ask to Activate" in Google Chrome or Chromium type chrome://settings in the address bar and press enter. Scroll to the end of the page and click on "Show advanced settings...". Under the heading Privacy click on "Content settings...". Under the Plugins heading there change it from "Run all plugin content" to "Let me choose when to run plugin content".