another reason to block flash

Talk about internet security, computer security, personal security, your social security number...
Post Reply
morganism
Senior Member
Posts: 116
Joined: Tue Nov 26, 2013 9:44 pm

another reason to block flash

Post by morganism » Sat Jul 12, 2014 11:01 pm

Mozilla/5.0 (Windows NT 6.0; rv:28.0) Gecko/20100101 Firefox/28.0

User avatar
therube
Ambassador
Posts: 7494
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: another reason to block flash

Post by therube » Sun Jul 13, 2014 11:03 am

Is nothing sacred anymore!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: another reason to block flash

Post by Thrawn » Mon Jul 14, 2014 5:56 am

It's cross-site Flash injection! Clever.

I don't know whether NoScript's built-in CSRF protection would protect against this, but I suspect not, because the Flash object is apparently being loaded from the victim. It probably wouldn't trip the XSS filter either.

RequestPolicy would do the job.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0

Post Reply