Patch/Configuration Management, Vulnerability Management

Firefox finds users interested in updating Flash Player

In the one week since Mozilla began warning new Firefox 3.5.3 users if they are running an out-of-date version of Adobe Flash, some 10 million people have clicked on the provided link to upgrade to the latest version of the ubiquitous software.

The browser's "what's new" page, which appears when a user upgrades to the newest version of the browser, normally sees a click-through rate of 5 percent, Ken Kovash, Mozilla's metrics chief, said Wednesday on a company blog. But the Flash update link on the page has alone generated a 30 percent click-through rate.

In seven days, a total of 10 million people clicked the link, which Kavash called "phenomenal."

Mozilla announced its plan to notify users who are running vulnerable Flash software because its traffic stats indicate that some 75 percent of users run an out-of-date version.The warnings will enable people to avoid crashes, stability issues and other security problems, company security executives have said.

Mozilla plans to partner with other plug-in providers to offer similar alerts.

Mike Dausin, senior security developer at intrusion prevention solutions provider TippingPoint, said many organizations do not have robust processes to push out patches for client-side software, such as Flash.

"It will absolutely help them, especially because a lot of their exposure comes from the web," he told SCMagazineUS.com on Thursday. "I think more and more users these days use the internet as their only portal into the computer. When you get their attention that way [through the browser], they pay attention a lot more than random pop-ups on their desktop."

Dausin said he understands why Mozilla felt compelled to launch the initiative.

"They want your internet experience to be good," said. "If there is any possibility that something that is not directly their fault but the user associates with the internet experience, they're going to think negatively on the whole experience."

Kovash did not say how many users actually installed the latest Flash version, and a message to Adobe was not immediately answered.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.