Flash vulnerability

kukla
Senior Member
Posts: 321
Joined: Mon May 04, 2009 12:08 am

Flash vulnerability

Post by kukla »

Hackers can exploit a flaw in Adobe's Flash to compromise nearly every Web site that allows users to upload content, including Google's Gmail, then launch silent attacks on visitors to those sites, security researchers said today.
http://www.computerworld.com/s/article/ ... esearchers

NoScript is mentioned in the article linked. I'm wondering how much protection NoScript provides for this kind of exploit? Basically, if I'm using NoScript, can I load Flash content without much worry? Any tips? Thanks.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Flash vulnerability

Post by therube »

No, Flash runs in its own world.

See "Expert says Adobe Flash policy is risky" & the linked pages therein.
Giorgio wrote: So your best bet is using NoScript, better with "Apply these restrictions to trusted sites as well".
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6pre) Gecko/20091114 SeaMonkey/2.0.1pre
kukla
Senior Member
Posts: 321
Joined: Mon May 04, 2009 12:08 am

Re: Flash vulnerability

Post by kukla »

A little clarification, please. Does that then mean one should simply not load any Flash? Isn't this what "Apply these restrictions to trusted sites" effectively accomplishes: it disables Flash from loading until the placeholder is clicked? Are you saying that once you load any Flash, you're on your own with no protection from NS? Is this a correct reading of your comment?
In other words, ClickToFlash in Safari, or Flash disabled in Camino, would essentially accomplish the same thing, by simply not allowing the Flash to load in the first place?

Or, if this is considered a cross site scripting exploit, or something else that NS will filter, will NS protect against this? Thanks.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Flash vulnerability

Post by therube »

Others would have to chime in, but I believe ...

Once you click the placeholder, you are at the mercy of the Flash you clicked.
NoScript can & will help in a general & broad sense, but once Flash is running, it is then outside the scope of the browser & so NoScript.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091017 SeaMonkey/2.0