back to article Serious web vuln found in 8 million Flash files

A security researcher has identified more than 8 million Adobe Flash files that make the websites hosting them vulnerable to attacks that target visitors with malicious code. The Flash files are contained on a wide variety of sites operated by online casinos, news organizations, banks, and professional sports teams. They make …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Up

    Sweet...

    NoScript in Firefox caught this one:

    "NoScript filtered a potential Cross-site scripting (XSS) attempt from [http://www.theregister.co.uk]..."

  2. Anonymous Coward
    Unhappy

    Opera

    My beloved Opera remains vulnerable to XSS

  3. Big-nosed Pengie

    This looks like another job...

    for NoScript!

  4. jake Silver badge

    ::shrugs::

    Who still sees Flash-anything?

    More to the point, WHY? Has anything useful ever been done with Flash?

    1. AndrueC Silver badge
      Alert

      Just saying

      BBC iPlayer.

      Not saying it /should/ but it does and millions of Britons use it.

    2. Real Ale is Best
      Thumb Up

      @jake

      >> More to the point, WHY? Has anything useful ever been done with Flash?

      http://www.badgerbadgerbadger.com/

    3. EJ
      Thumb Down

      Oracle & Flash

      Oracle just built their entire support website on Flash. It stinks.

  5. Phillip Webster
    Badgers

    Noscript and flashblock

    Once again to the rescue.

    It's really getting quite tiresome because I prefer Chrome as a browser but I'm too paranoid to surf around without scripts and flash blocked. :oP

    Hoping for Chrome analogues to the mentioned extensions at some point.

  6. Matthew Collier

    NoScript...

    ...presumably, both blocks the Flash in the first place, but, even if you've enabled the site, will also block the XSS? In fact, for the in-law's, I've installed NoScript in Allow Global Scripts mode, as it will still offer XSS protection (and ClickJacking protection), like in this case, without them having to understand how to use it's blocking features.

  7. Tom 7

    Looks like another job

    for flashblock. Or just the general if its Adobe its really a pointless security risk...

    Its not really the security issues around Adobe products its the complete and utter waste of bandwidth and CPU and peoples time that it encourages.

  8. Anonymous Coward
    Linux

    malicious flash files

    > A security researcher has identified more than 8 million Adobe Flash files that make the websites hosting them vulnerable to attacks that target visitors with malicious code ..

    Why don't they make the underlying platform secure so as to render data files safe enough to be viewed on them ?

  9. jon 77

    Opera block the XSS?? Look at the forum more...

    http://my.opera.com/community/forums/search.dml?term=XSS?&tag=&username=&exactusername=Y&mode=forum&submit=+search+&datemodifier=newer&limitdate=any&sortby=rel&disp=thread

    Opera has always blocked some cross-site scripting, but you need to know what you are talking about... lots of details in above link...

  10. Jamie Jones Silver badge
    FAIL

    Mr.

    No doubt, YET AGAIN, we're going to get lots of nerds posting how they aren't affected because they use ad-block/no flash/ no script or WHATEVER.

    Guess what? No-one CARES - you may as well just post "first post" as your response - it's just as retarded.

    Yes, I use many of these tools, but for some reason I don't feel the need to post about that fact everytime something like this comes up... probably because I'm happy with the size of my penis.

  11. jeanX
    Unhappy

    serious web...

    Opera was my browser until last dec 30th.You guessed it, an XSS hole on account of adobe flash.

    I wish opera would make a secure browser.I would give anything other than slow ff.

This topic is closed for new posts.

Other stories you might like