Last week Mozilla rolled out Firefox 3.5.3, which checks the user’s version of Adobe Flash. As it turns out, in one week alone, 10 million people clicked on the Adobe update, according to Mozilla.
That’s a staggering number. That potentially means that 10 million people were running older out-of-date and insecure versions of Flash. It means that despite Adobe’s own efforts to get people to update with their own update mechanisms and public outreach that 10 million people were still left out of the loop.
Flash is at risk from a critical vulnerability that Adobe has already patched. Yet there are still a good number of un-patched Flash users. One study I reported on last month claimed that the number is as high as 80 percent of Flash users.
How does that correlate with Mozilla’s numbers? Are 80 percent of Firefox users running un-patched versions of Firefox?
The current publicly available figures from Mozilla do not seem to lead to that conclusion. Though the 10 million figure is certainly a number to take seriously. Mozilla’s numbers guy Ken Novash blogged that the click through rate on the Firefox 3.5.3 What’s New page, (which is where the Flash update notice first appears) was 30 percent. Taking a (small) leap of faith and without having the full data set myself, I’m going to assume that means that at least 30 percent of Firefox 3.5.3 users had out-of-date versions of Flash.
So no, it’s not 80 percent, but it’s still a non-trivial number. It also raises another huge question.