Ship Mint 17.3+ with Adobe Flash disabled or click-to-play by default
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Linux Mint |
New
|
Undecided
|
Unassigned | ||
Bug Description
In light of the Hacking Team disclosures, multiple Adobe Flash 0-days in the wild, and moves by major browser developers and content providers to deprecate Flash, I believe Mint 17.3+ should ship with Flash disabled (or set to click-to-play at a minimum) in at least the following packages, if not more:
* Chromium
* Firefox
* any other web browsers capable of using Flash
I am not sure why Steam requires Flash. It's probably not worth investigating though.
Flash has long been on its way out, most web sites work without it and many of the stragglers will be cleaned up in the next 6 months. Its usefulness is declining rapidly but it presents a huge attack surface when browsing the web.
Please help usher Flash into the dustbin of history by disabling per default in Mint 17.3+.
| tags: | added: security |
| Jens Reimann (ctron) wrote | #1 |
Or at least provide a simple way to uninstall flash. Removing the package "adobe-flashplugin" automatically triggers a removal of "mint-meta-codec" which you probably do not want to uninstall. So maybe remove it at least as a hard dependency.