Two recently-reported Flash Player vulnerabilities (CVE-2015-0313 and -0311) are leading me to block most Flash videos.
The short form of this question is: How do I best use NoScript or FlashGot, in dealing with this situation?
I have NoScript (for years, and I love it!) ... but I never bothered with FlashGot; I've had little need to download Flash videos, but do watch them online occasionally (or "did," until now!).
Is there a NoScript setting that will block all Flash video from all sources, unless I explicitly override on a case-by-case basis? (I'm unlikely to override until they fix this!)
I suppose I could simply delete the vulnerable versions of Flash Player... but it's not clear to me, yet, how much (if any) of the vulnerability is "in the video," vs. how much is "in the player."
Coping with Flash vulnerabilities
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Re: Coping with Flash vulnerabilities
Options | Embeddings -> Forbid Flash
Apply these restrictions to whitelisted sites too (checkmark)
You should then get a placeholder on Flash content.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 SeaMonkey/2.32
Re: Coping with Flash vulnerabilities
And FlashGot is not relevant; it actually has nothing to do with the Flash Player. It's for "downloading in a flash".
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Re: Coping with Flash vulnerabilities
Also enable browser builtin click-to-play for Flash: Tools > Add-ons manager > plugins > shockwave flash: ask to activate.
NoScript will play nice with it, and extra layers of protection don't hurt.
Let's move this to Security since it isn't about FlashGot.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; OpenBSD amd64; rv:29.0) Gecko/20100101 SeaMonkey/2.26.1
Re: Coping with Flash vulnerabilities
While blocking active content is never a bad idea, one has to salute the transparency of the Flash Player team. There are TONS of vulnerabilities in both Firefox and Chrome (Chrome updates have about 40 critical security issues fixed every time), and you don't hear as much about them. Browser vendors, OS vendors, they just fix security issues and that's it, so their products don't look half-assed. The Flash team goes the extra mile and admits when they learn about a security issue exploited in the wild. Let's not take that against them and encourage opacity.
But do block Flash by default like you do JavaScript, of course.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0