Ubuntu – Flash player blocked

flash

When I go to websites using Flash in Firefox, I get this warning:

This plugin is vulnerable and it should be updated.

Mozilla's plugin check agrees:

Adobe Flash Player Shockwave Flash 11.2 r202 vulnerable 11.2.202.438

But if I follow the update link and download the Ubuntu version (opening with Software Center) I get

There isn’t a software package called “adobe-flashplugin” in your current software sources.

If I run

sudo apt-get update
sudo apt-get install -y flashplugin-installer

I'm told

flashplugin-installer is already the newest version.

So how can I update?

Best Answer

Another update: Currently flash may be blocked if it doesn't show as having the right version - e.g. for me on Firefox it shows as 11.2.202.569 in Firefox (And blocks it) but the package has 11.2.202.577 installed (the flash lib binary shows also 11_2_202_577, so something's broke). Basically it is up to date if it matches the version here.

UPDATE (from https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/FirefoxAndAdobeFlashNPAPI):

Firefox blocks Adobe Flash NPAPI plugin for 11.2.202.481 and earlier

Several serious security vulnerabilities were found in Adobe's flash plugin with exploits known to be in the wild. Because of the critical nature of the vulnerabilities, the Mozilla foundation decided to block this version of the plugin. Unfortunately, at the time of the blocklist, only the PPAPI version of the plugin (as used by chromium) was available and Firefox users found the NPAPI plugin was blocked via Firefox's click-through security mechanism.

UPDATE: As of 2015/07/16, Adobe released 11.2.202.491 which fixes all known issues for PPAPI and NPAPI and updates are available for Ubuntu

Timeline

2015 Jul 14: Adobe releases flash plugin security update for PPAPI ahead of NPAPI

2015 Jul 14: Ubuntu Security contacts Adobe regarding NPAPI. Ubuntu told NPAPI plugin will be ready soon

2015 Jul 14: Ubuntu releases adobeflash-plugin and flashplugin-nonfree with updates for PPAPI only

2015 Jul 16: Adobe releases updates for NPAPI (11.2.202.491)

2015 Jul 16: Ubuntu releases adobeflash-plugin and flashplugin-nonfree with updates for NPAPI (11.2.202.491), including the previous PPAPI fixes

^{SecurityTeam/KnowledgeBase/FirefoxAndAdobeFlashNPAPI (last edited
2015-07-16 13:36:40 by jdstrand)}

You should be able to update/install it using:

sudo apt-get update
sudo apt-get install flashplugin-installer

(or sudo apt-get install --reinstall flashplugin-installer, sudo apt-get remove --purge flashplugin-installer && sudo apt-get install flashplugin-installer etc)

or, it should also be updated if you use:

sudo apt-get update
sudo apt-get upgrade

Flash is currently being blocked in Firefox by default in all versions:

Anyway, to fix it:

Open the Add-ons Manager ('Tools' > 'Add-ons', about:addons, CtrlShift+A)
Go to Plugins
In the dropdown next to 'Shockwave Flash' select 'Ask to Active'

Please only do this if desperate - youtube and other sites now have a option to use HTML5, which should be used in preference to this)

This is due to the unfixed security issues in the Adobe Flash plugin, which can be widely exploited by attackers.

The flash plugin in general is very insecure and should be replaced - apparently Adobe and others should be reducing the use of Flash to replace it with HTML5, WebGL and other open standards. One of the reasons (other than they couldn't be asked...) that the Linux version of Flash is stuck at 11.2 (the version for linux gets security backports for 5 years from release) is due to the supposed roadmap with which Adobe will remove Flash support globally (supposedly).

Best Answer

Related Solutions

Ubuntu – ‘adobe-flashplugin conflicts with flashplugin-downloader’ error while trying to install adobe-flashplugin

Ubuntu – Having problems updating the flash player

Related Question