and the swf it rode in on
http://miki.it/blog/2014/7/8/abusing-js ... tta-flash/
another reason to block flash
another reason to block flash
Mozilla/5.0 (Windows NT 6.0; rv:28.0) Gecko/20100101 Firefox/28.0
Re: another reason to block flash
Is nothing sacred anymore!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1
Re: another reason to block flash
It's cross-site Flash injection! Clever.
I don't know whether NoScript's built-in CSRF protection would protect against this, but I suspect not, because the Flash object is apparently being loaded from the victim. It probably wouldn't trip the XSS filter either.
RequestPolicy would do the job.
I don't know whether NoScript's built-in CSRF protection would protect against this, but I suspect not, because the Flash object is apparently being loaded from the victim. It probably wouldn't trip the XSS filter either.
RequestPolicy would do the job.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0