When I go to websites using Flash in Firefox, I get this warning:
This plugin is vulnerable and it should be updated.
Mozilla's plugin check agrees:
Adobe Flash Player Shockwave Flash 11.2 r202 vulnerable 11.2.202.438
But if I follow the update link and download the Ubuntu version (opening with Software Center) I get
There isn’t a software package called “adobe-flashplugin” in your current software sources.
If I run
sudo apt-get update
sudo apt-get install -y flashplugin-installer
I'm told
flashplugin-installer is already the newest version.
So how can I update?
Best Answer
Another update: Currently flash may be blocked if it doesn't show as having the right version - e.g. for me on Firefox it shows as 11.2.202.569 in Firefox (And blocks it) but the package has
11.2.202.577
installed (the flash lib binary shows also11_2_202_577
, so something's broke). Basically it is up to date if it matches the version here.UPDATE (from https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/FirefoxAndAdobeFlashNPAPI):
You should be able to update/install it using:
(or
sudo apt-get install --reinstall flashplugin-installer
,sudo apt-get remove --purge flashplugin-installer && sudo apt-get install flashplugin-installer
etc)or, it should also be updated if you use:
Flash is currently being blocked in Firefox by default in all versions:
Anyway, to fix it:
Open the Add-ons Manager ('Tools' > 'Add-ons',
about:addons
, CtrlShift+A)Go to Plugins
In the dropdown next to 'Shockwave Flash' select 'Ask to Active'
Please only do this if desperate - youtube and other sites now have a option to use HTML5, which should be used in preference to this)
This is due to the unfixed security issues in the Adobe Flash plugin, which can be widely exploited by attackers.
The flash plugin in general is very insecure and should be replaced - apparently Adobe and others should be reducing the use of Flash to replace it with HTML5, WebGL and other open standards. One of the reasons (other than they couldn't be asked...) that the Linux version of Flash is stuck at 11.2 (the version for linux gets security backports for 5 years from release) is due to the supposed roadmap with which Adobe will remove Flash support globally (supposedly).
See also: