The Register® — Biting the hand that feeds IT

Feeds

Serious web vuln found in 8 million Flash files

A security researcher has identified more than 8 million Adobe Flash files that make the websites hosting them vulnerable to attacks that target visitors with malicious code. The Flash files are contained on a wide variety of sites operated by online casinos, news organizations, banks, and professional sports teams. They make …

This topic is closed for new posts.
Anonymous Coward
Thumb Up

Sweet...

NoScript in Firefox caught this one:

"NoScript filtered a potential Cross-site scripting (XSS) attempt from [http://www.theregister.co.uk]..."

Anonymous Coward
Unhappy

Opera

My beloved Opera remains vulnerable to XSS

Big-nosed Pengie
Bronze badge

This looks like another job...

for NoScript!

jake
Silver badge

::shrugs::

Who still sees Flash-anything?

More to the point, WHY? Has anything useful ever been done with Flash?

AndrueC
Silver badge
Alert
Reply Icon

Just saying

BBC iPlayer.

Not saying it /should/ but it does and millions of Britons use it.

Real Ale is Best
Thumb Up
Reply Icon

@jake

>> More to the point, WHY? Has anything useful ever been done with Flash?

http://www.badgerbadgerbadger.com/

EJ
Thumb Down
Reply Icon

Oracle & Flash

Oracle just built their entire support website on Flash. It stinks.

Phillip Webster
Badgers

Noscript and flashblock

Once again to the rescue.

It's really getting quite tiresome because I prefer Chrome as a browser but I'm too paranoid to surf around without scripts and flash blocked. :oP

Hoping for Chrome analogues to the mentioned extensions at some point.

Matthew Collier

NoScript...

...presumably, both blocks the Flash in the first place, but, even if you've enabled the site, will also block the XSS? In fact, for the in-law's, I've installed NoScript in Allow Global Scripts mode, as it will still offer XSS protection (and ClickJacking protection), like in this case, without them having to understand how to use it's blocking features.

Tom 7
Silver badge

Looks like another job

for flashblock. Or just the general if its Adobe its really a pointless security risk...

Its not really the security issues around Adobe products its the complete and utter waste of bandwidth and CPU and peoples time that it encourages.

Anonymous Coward
Linux

malicious flash files

> A security researcher has identified more than 8 million Adobe Flash files that make the websites hosting them vulnerable to attacks that target visitors with malicious code ..

Why don't they make the underlying platform secure so as to render data files safe enough to be viewed on them ?

jon 77

Opera block the XSS?? Look at the forum more...

http://my.opera.com/community/forums/search.dml?term=XSS?&tag=&username=&exactusername=Y&mode=forum&submit=+search+&datemodifier=newer&limitdate=any&sortby=rel&disp=thread

Opera has always blocked some cross-site scripting, but you need to know what you are talking about... lots of details in above link...

Jamie Jones
Bronze badge
FAIL

Mr.

No doubt, YET AGAIN, we're going to get lots of nerds posting how they aren't affected because they use ad-block/no flash/ no script or WHATEVER.

Guess what? No-one CARES - you may as well just post "first post" as your response - it's just as retarded.

Yes, I use many of these tools, but for some reason I don't feel the need to post about that fact everytime something like this comes up... probably because I'm happy with the size of my penis.

jeanX
Unhappy

serious web...

Opera was my browser until last dec 30th.You guessed it, an XSS hole on account of adobe flash.

I wish opera would make a secure browser.I would give anything other than slow ff.

This topic is closed for new posts.