Firefox Blocks Adobe Flash, Facebook Says Stick a Fork in It
Mozilla, the maker of the popular Firefox Web browser, is blocking Flash because of recently discovered bugs in the software that hackers are actively exploiting. Although Adobe said it’s taking the matter seriously and has promised patches, that’s no longer good enough for some companies.
“All versions of Adobe’s Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues,” Mozilla said on its support site. “Some Web sites use Adobe Flash to display content. However, attackers can also use the security flaws in Flash to run malicious software on your computer and gain access to your system.”
Facebook Says Die
Facebook security chief Alex Stamos is being especially vocal about the future of Flash. He made his opinion known in a tweet: “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”
This new wave of criticism and the call to kill Flash comes in the wake of three new critical, zero-day vulnerabilities in the software that put all versions of the player for Windows, Macintosh and Linux at risk.
The flaws were made public after Hacking Team -- the Italian company famous for supplying hacker tools to the world -- was itself hacked. Adobe said successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe also revealed that exploits targeting these vulnerabilities have already been made public.
On Tuesday, Adobe patched vulnerabilities CVE-2015-5122 and CVE-2015-5123 for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could let an attacker take over the affected system, Adobe said in a brief security note.
Dialing Out Flash?
Steve Jobs went on the offensive about Flash in 2010, explaining in an open letter why Apple did not allow Flash on iPhones, iPods and iPads. At that time Jobs insisted the decision was made based on technology issues. Flash is proprietary, but Jobs said the standards pertaining to the Web should be open. His bigger beef, though, was security.
“Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash,” Jobs said in the letter. “We have been working with Adobe to fix these problems, but they have persisted for several years now. We don’t want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash.”
We caught up with Tim Erlin, director of IT security and risk strategy for advanced threat detection firm Tripwire, to get his thoughts on the security side of the issue. He told us the real challenge with zero-day vulnerabilities is this: a smaller community has already exploited them, which means attackers may already have gained footholds inside networks and systems before any patch ships. To some, that may be all the more reason to kill Flash.
“Organizations need to scramble to apply fixes, but how does an organization increase their efforts to find existing breaches?” Erlin asked. “Most organizations can’t just ‘look harder’ at their network and systems. If you’ve already turned the intrusion detection dial up as high as it goes, you have to find a different dial to adjust.”