another reason to block flash
Posted: Sat Jul 12, 2014 11:01 pm
by morganism
and the swf it rode in on
http://miki.it/blog/2014/7/8/abusing-js ... tta-flash/
Re: another reason to block flash
Posted: Sun Jul 13, 2014 11:03 am
by therube
Is nothing sacred anymore!
Re: another reason to block flash
Posted: Mon Jul 14, 2014 5:56 am
by Thrawn
It's cross-site Flash injection! Clever.
I don't know whether NoScript's built-in CSRF protection would protect against this, but I suspect not, because the Flash object is apparently being loaded from the victim. It probably wouldn't trip the XSS filter either.
RequestPolicy would do the job.