Topic: Mozilla catches half of Firefox users running insecure Flash

[Samker]

More than half of all Firefox users ran an unsafe version of Adobe's Flash Player, according to statistics collected last week as users installed the latest release of the popular open-source browser.

Of the 6 million or so people who upgraded to either 3.5.3 or 3.0.14 of Firefox on its debut last Thursday, slightly more than 3 million of them were found to be running an outdated Flash version, according to Mozilla's Ken Kovash: http://blog.mozilla.com/metrics/2009/09/16/helping-people-upgrade-flash/
Sadly, only about 35 percent of those informed they had an insecure installation clicked on a link to upgrade to the latest version.

That suggests that some 2 million Firefox users remained vulnerable to remote exploit attacks even after Mozilla presented them with a warning that said "your current version of Flash Player can cause security and stability issues" and added "you should update Adobe Flash Player right now."

A similar pattern has played out ever since, although the numbers in all three categories were smaller. Over that time, about 10 million users in all clicked on the link, which led to an update page on Adobe's website. The overall click-through rate was about 30 percent.

The statistics were gathered by counting the number of page impressions that are automatically generated when Firefox users install the latest version of the browser. As previously reported, the newest release began checking users' version of Flash and admonishing them to update if it was found to be out of date.

Over the past year, Adobe has faced harsh criticism for pumping out a steady stream of vulnerabilities in its ubiquitous Reader and Flash applications that have allowed criminals to surreptitiously install malware on end users' machines. In addition to poor quality control, much of the problem seems to rest with the difficulty administrators and average users alike have in making sure their computers are running the latest versions.

While a 30-percent click-through may seem small, Kovash said it represented a spike compared with the 5 percent of users who typically click such links.

Given that so many users can't rely on Adobe to help them stay up to date, it's nice to see Mozilla picking up the slack. The foundation plans to warn users when they have other out-of-date plugins, Mozilla's Johnathan Nightingale said here: http://blog.mozilla.com/security/2009/09/16/plugin-updating-project-follow-up/

(Register)