Adobe is no longer developing the Flash for Firefox on Linux. You’re still getting security updates, but that’s it — your Flash Player plug-in is already several major versions out-of-date.
Linux users can still use the Pepper-based Flash plug-in included with Google Chrome for Linux. This is the only way to get the latest version of Flash on Linux, although the plug-in can be installed separately for Chromium or Firefox.
Adobe Ditches NPAPI for Pepper on Linux
In 2012, Adobe announced they would no longer developing the NPAPI plug-in for Linux, but they would continue developing the Pepper-based Flash plug-in used in Chrome.
Let’s rewind here. Web browsers use different types of plug-ins. Internet Explorer on Windows uses ActiveX plugins. Other browsers on all operating systems — Firefox, Safari, and even Chrome until recently — use the NPAPI framework. NPAPI was originally developed for Netscape — NPAPI stands for “Netscape Plugin Application Programming Interface.” It became the standard plug-in architecture that all non-Internet-Explorer browsers used.
But NPAPI is very old. In 2013, Google announced their intention to remove NPAPI support from Chrome because “NPAPI’s 90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity.” They’ve replaced NPAPI with Pepper, also known as PPAPI. Adobe signed on, and the Flash Plugin distributed with Chrome — on Linux, Windows, and Mac OS X — uses Pepper instead of NPAPI.
On Windows and Mac OS X, Adobe is continuing to develop the NPAPI version of Flash used by Firefox and other browsers. On Linux, the NPAPI plug-in is stuck at 11.2 while the current version of Flash is 14.
Does This Mean Flash for Firefox is Insecure?
Adobe notes they’re continuing to provide security updates for Flash 11.2 on Linux, but they’re only actively developing the Pepper Flash plug-in for Linux. That’s why Firefox’s Plugin Checkdoesn’t flag the old Flash plug-in as outdated.
You won’t get any performance, battery life, or security infrastructure improvements if you continue to use Flash with Firefox. Adobe hasn’t announced any plans to cease security updates for Flash 11.2 on Linux, but we wouldn’t be surprised to see them do that in a few years. The Linux Flash NPAPI plug-in isn’t healthy — it’s on life support, and they’ll eventually have to pull the plug.
Why Can Firefox Not Use the Pepper Plugin?
Mozilla doesn’t want to implement Pepper plug-in support in Firefox and its Gecko rendering engine. The MozillaWiki page on the subject has a terse message: “Mozilla is not interested in or working on Pepper at this time.” The topic was also discussed on the Mozilla bugzilla.
On the Mozilla mailing list, Mozilla’s Robert O’Callahan argues that supporting Pepper would be a waste of resources. Mozilla is trying to build HTML5 and web technologies — they want web developers to use that, not to make shiny new Pepper plug-ins more tempting.
So I Need Chrome to Use the Latest Flash Player?
Officially, the latest version of Flash on Linux is only available via Chrome — it’s bundled and comes with Chrome itself. You don’t have to do anything special to get it, and updating Chrome automatically updates the Flash plug-in on Linux, Windows, Mac OS X, and even Chrome OS.
The open-source Chromium web browser also supports Pepper plug-ins. However, Adobe doesn’t distribute the Pepper Flash plug-in separately. Various Linux distributions have packages that can help you install Pepper Flash for Chromium. For example, on Ubuntu, you can install the pepperflashplugin-nonfree package from the Multiverse repository. This package will download Chrome from Google, extract the Pepper Flash plug-in, and install it on your system. Chromium will notice the plug-in and use it automatically after you restart your browser.
Unfortunately, the package won’t automatically update the Pepper Flash plug-in. This is a big deal because Flash has so many security holes that frequently need to be patched. You’ll have to run a special command to update the Flash plug-in, and you won’t receive notifications when a new versionis available. This security problem is noted on the Ubuntu bug tracker.
To check for new Flash Player versions, run sudo update-pepperflashplugin-nonfree –status in a Terminal window. To install a new version, run sudo update-pepperflashplugin-nonfree –install.
The new version of Opera, currently available only as a “developer” version on Linux, is based on Chromium. It supports the Pepper Flash plug-in, but you’ll have to install it in the same way you do for Chromium. Opera notes that Opera for Linux may include the Pepper Flash plug-in in the future — they’re working with Adobe on this.
Flash is on its way out. It’s already been purged from mobile devices — Adobe ended development for Flash Player on Android years ago. It’s still used for many desktop sites, but the web and Adobe itself are moving towards HTML5 and other web technologies integrated into browsers. It’s clear Flash is no longer as much of a priority, and Adobe will eventually wind down Flash Player development for all platforms. Adobe’s Flash development tools can already export to HTML5.