diff --git a/firefox-35.0-flash-click-to-play.patch b/firefox-35.0-flash-click-to-play.patch
new file mode 100644
index 0000000..93d218e
--- /dev/null
+++ b/firefox-35.0-flash-click-to-play.patch
@@ -0,0 +1,12 @@
+diff -up firefox-35.0/mozilla-release/browser/app/profile/firefox.js.flash firefox-35.0/mozilla-release/browser/app/profile/firefox.js
+--- firefox-35.0/mozilla-release/browser/app/profile/firefox.js.flash 2015-01-22 12:19:27.000000000 +0100
++++ firefox-35.0/mozilla-release/browser/app/profile/firefox.js 2015-01-22 12:21:45.139134814 +0100
+@@ -691,7 +691,7 @@ pref("plugin.defaultXpi.state", 2);
+
+ // Flash is enabled by default, and Java is click-to-activate by default on
+ // all channels.
+-pref("plugin.state.flash", 2);
++pref("plugin.state.flash", 1);
+ pref("plugin.state.java", 1);
+
+ // Whitelist Requests
diff --git a/firefox.spec b/firefox.spec
index 4f2595b..417a338 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -107,7 +107,7 @@
 Summary: Mozilla Firefox Web browser
 Name: firefox
 Version: 35.0
-Release: 5%{?pre_tag}%{?dist}
+Release: 6%{?pre_tag}%{?dist}
 URL: http://www.mozilla.org/projects/firefox/
 License: MPLv1.1 or GPLv2+ or LGPLv2+
 Group: Applications/Internet
@@ -138,9 +138,9 @@ Patch20: firefox-build-prbool.patch
 # Unable to install addons from https pages
 Patch204: rhbz-966424.patch
 Patch215: firefox-enable-addons.patch
-#Patch217: firefox-baseline-disable.patch
 Patch219: rhbz-1173156.patch
 Patch220: rhbz-1014858.patch
+Patch221: firefox-35.0-flash-click-to-play.patch
 # Upstream patches
 Patch300: mozilla-858919.patch
@@ -294,12 +294,9 @@ cd %{tarballdir}
 # Fedora patches
 %patch204 -p2 -b .966424
 %patch215 -p1 -b .addons
-# disable baseline JIT on i686 (rhbz#1047079)
-#%ifarch %{ix86}
-#%patch217 -p2 -b .baseline
-#%endif
 %patch219 -p2 -b .rhbz-1173156
 %patch220 -p1 -b .rhbz-1014858
+%patch221 -p2 -b .flash
 # Upstream patches
 %patch300 -p1 -b .858919
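Review bot: The comment kept as context in the embedded firefox.js hunk, `// Flash is enabled by default, and Java is click-to-activate by default on`, is false once `plugin.state.flash` becomes `1`, so the shipped prefs file documents the opposite of what it sets. The patch should rewrite that comment in the same hunk, for example `// Fedora: Flash and Java are click-to-activate by default on all channels.` Going by the neighbouring Java line, value `1` is click-to-activate rather than off, so the "Disabled flash by default" wording in the firefox.spec %changelog hunk overstates the mitigation: a user can still activate the plugin on a hostile page. This only changes the default, so profiles that already carry a user-set value for the pref presumably keep it; confirm whether that is acceptable for an actively exploited plugin.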
@@ -769,6 +766,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 %changelog
+* Thu Jan 22 2015 Martin Stransky - 35.0-6
+- Disabled flash by default because of 0day live flash exploit
+ (see https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213)
+
 * Mon Jan 19 2015 Martin Stransky - 35.0-5
 - Enable release build config
 - Gtk3 - added patch for HiDPI support (mozbz#975919)