Duplicate Remove Flash from XF: security warning on XenForo.com

Discussion in 'Closed Suggestions' started by Alfa1, Jul 14, 2015.

  1. Alfa1

    Alfa1 Well-Known Member

    Browsers like Firefox are blocking Adobe Flash and showing a security warning:
    Firefox has prevented the unsafe plugin "Adobe Flash" from loading on xenforo.com

    Meanwhile Facebook is calling on Adobe to kill Flash and states that it's no longer a risk worth taking.

    I suggest to remove Flash Uploader from XenForo and replace it with a html5 alternative.
    woody, empire, Fred. and 10 others like this.
  2. HWS

    HWS Well-Known Member

    I'm almost sure this is a duplicate. But I am supporting it.

    However the browsers just show this message if you've installed an old version of Flash. You just need to upgrade it and the warning will be gone. This is not XF related.
  3. Chris D

    Chris D XenForo Developer Staff Member

    There is a duplicate suggestion relating to this.

    I believe the vulnerability has been patched in recent Flash updates. Otherwise you can disable the flash uploader in your preferences for now.
  4. Amaury

    Amaury Well-Known Member

    So, the latest version is still safe, they're just blocking Flash in general by default and it's therefore safe to allow Flash on trusted sites like XF? They made it sound like even the patch was vulnerable.
  5. Chris D

    Chris D XenForo Developer Staff Member

    I may have been behind on my news earlier. It looks like this is a new vulnerability.

    Doesn't change anything, though. If it's blocked or you don't want to use it, it can be switched off in your preferences.
    Amaury likes this.
  6. Alfa1

    Alfa1 Well-Known Member

    That's true. But by now the question needs to be asked: shouldn't XenForo ditch Flash now?
    I mean, the browser warning makes the site (and any site running XenForo with Flash) look bad. It's easy for the user to misunderstand and perceive it as if the site itself is infected as it tried to load a dangerous script.
    batpool52! and Adam K M like this.
  7. Chris D

    Chris D XenForo Developer Staff Member

    It's easier said than done, of course.

    It's only the current Flash version and Firefox that is displaying this warning to users. I'm sure it will get fixed and, which to be fair to Adobe it often is the case, in a timely fashion.
    Amaury and Alfa1 like this.
  8. silence

    silence Well-Known Member

    Can't you disable it in the attachment options though?
  9. Chris D

    Chris D XenForo Developer Staff Member

    Yes. Or in your personal preferences.
  10. Alfa1

    Alfa1 Well-Known Member

    Yes, most certainly.
  11. Amaury

    Amaury Well-Known Member

    I assume a popup box like normal will appear on your desktop asking you to update Flash. :D I was going to keep an eye on the plugins page, but I realized it'll probably still say vulnerable because that version and version below are affected.


    I also updated Java (TM) Platform from 11.31.2. I must have missed it earlier, but it said it was vulnerable. I also updated Adobe Acrobat Reader, but it was only outdated, not vulnerable. Plugins and plugin updating are fun! :D
  12. Snog

    Snog Well-Known Member

    With all of the hullabaloo about flash on facebook, etc. I don't see anyone dropping flash any time soon.

    If and when it happens, it would be a slow change. Do it too quickly and YouTube would die a quick death. I don't think its parent company would let that happen. ;)
  13. Chris D

    Chris D XenForo Developer Staff Member

    Bear in mind most big sites, especially YouTube, work perfectly fine without Flash. So no one is going to suffer as a result of the demise of Flash.

    In theory, any site whose service already runs fine on iOS, which has never had Flash support, is already geared up to drop Flash on all their platforms. If 1 billion iOS devices have successfully managed to live without Flash for 8 years, I'm sure it won't do anyone any harm if it happened as quickly as possible.
    Fred., Steve F, Snog and 3 others like this.
  14. Chris D

    Chris D XenForo Developer Staff Member

  15. Sheldon

    Sheldon Well-Known Member

    Default is already HTML5, so it won't be too long before Flash is completely removed.

    I don't see your average user jumping in and changing the default behavior of the browser, and most don't notice nor care. I'd say most have no idea what player they are using for YouTube at the moment, and again, not sure they care either way. As long as it plays, they are happy.
  16. Kevin

    Kevin Well-Known Member

    Considering that Facebook's head of security wants to see a sunset date for Flash and Google (YouTube's parent company) recommends using an iframe (which could render an HTML5 player) instead of using direct object tags, I think YouTube will do just fine in a post-Flash world.
  17. Martok

    Martok Well-Known Member

    Both Amazon and Twitch (which Amazon own) need to pull out their fingers if Flash support is dropped. Twitch still uses it extensively for its videos/streams and Amazon use it for Prime Instant Videos (or Silverlight if you're on Windows).
  18. Snog

    Snog Well-Known Member

    To be perfectly honest, I was unaware that YouTube had an HTML5 player until now. I've switched my player now.
  19. Amaury

    Amaury Well-Known Member

    What browser are you using? The HTML5 player has been default on Chrome for a long time and not too long ago became default on Firefox.
  20. Snog

    Snog Well-Known Member

    Linux Firefox 39.0. It was not the default, I had to choose it.
