Let's compare Adobe's diligence of patching to another company's. How about Mozilla?
Adobe usually patches a RCE exploit within 72 hours of discovery. Mozilla seem to take anywhere from one to three months.
Firefox RCE exploit found on January 20, 2015: https://community.rapid7.com/community/metasploit/blog/2015/...
Firefox RCE exploit found on February 25, 2015: https://msisac.cisecurity.org/advisories/2015/2015-018.cfm
Firefox RCE exploit found on March 1, 2015: https://www.mozilla.org/en-US/security/advisories/mfsa2015-3...
Firefox RCE exploit found on April 22, 2015: https://msisac.cisecurity.org/advisories/2015/2015-046.cfm
Firefox RCE exploit found on May 12, 2015: https://www.mozilla.org/en-US/security/advisories/mfsa2015-5...
Did you hear about any of those Firefox RCE exploits? Probably not.
We only hear about Flash RCE exploits because those are the ones which happen to get exploited in the wild the most. This is not because browsers are always more secure than Flash; it is because hackers know that if they succeed in finding a RCE exploit in Flash, they will be able to target the 97% of desktop users with Flash installed rather than just the 44% who use Chrome or the 15% who use Firefox. It's the same reason Windows users have always had far more exploits actively used against them than Mac users. Should we set a kill date for Windows because of that?
As long as we are making asinine suggestions, how about browsers set a kill date for Facebook, after which no one can access the site? Facebook's rampant video piracy problem harming small publishers on YouTube [1] is orders of magnitude more financially damaging to its victims than MegaUpload ever was. At bare minimum, it would be appropriate to warn users that they are about to visit a malicious piracy hub with a red full-screen "Are you sure you want to go here?" page, and perhaps provide a list of suggestions of alternative social networks to switch to.
1. https://news.ycombinator.com/item?id=9854160