another reason to block flash

Talk about internet security, computer security, personal security, your social security number...
Post Reply
Senior Member
Posts: 121
Joined: Tue Nov 26, 2013 9:44 pm

another reason to block flash

Post by morganism » Sat Jul 12, 2014 11:01 pm

Mozilla/5.0 (Windows NT 6.0; rv:28.0) Gecko/20100101 Firefox/28.0

User avatar
Posts: 7669
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: another reason to block flash

Post by therube » Sun Jul 13, 2014 11:03 am

Is nothing sacred anymore!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1

User avatar
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: another reason to block flash

Post by Thrawn » Mon Jul 14, 2014 5:56 am

It's cross-site Flash injection! Clever.

I don't know whether NoScript's built-in CSRF protection would protect against this, but I suspect not, because the Flash object is apparently being loaded from the victim. It probably wouldn't trip the XSS filter either.

RequestPolicy would do the job.
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0

Post Reply