
Re: Flash same-origin vulnerability

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 13 Nov 2009 10:13:18 +0100
Cc: Thomas Roessler <tlr@w3.org>, www-tag@w3.org
Message-Id: <DF918BDA-EA16-4AB7-89D5-8C3BF4E881DE@w3.org>
To: noah_mendelsohn@us.ibm.com
I don't see much new here -- this is vintage HTML injection, just with "HTML" replaced by "Flash". (The rest sounds like a few nifty tricks for hiding Flash in other file types; nothing qualitatively new in there, either.)

Cheers,
--
Thomas Roessler, W3C  <tlr@w3.org>

On 13 Nov 2009, at 03:18, noah_mendelsohn@us.ibm.com wrote:

> The article at [1] seems pertinent to our discussions of security.
> Basically, as I understand it, the vulnerability involves sites that allow
> a user to upload a file, and which then serve that file back without
> extensive checking. When the attack succeeds, it's possible to get a SWF
> file to execute with the origin context of the site to which you uploaded.
> That's a bit of an oversimplification. See [1] for details.
> 
> Noah
> 
> 
> [1] http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html
> 
> --------------------------------------
> Noah Mendelsohn 
> IBM Corporation
> One Rogers Street
> Cambridge, MA 02142
> 1-617-693-4036
> --------------------------------------
> 
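An added example (not from this thread or the linked article) of the defender-side checks the quoted description implies: recognise a SWF container by its header bytes rather than by file extension or declared MIME type, including when the header sits behind another format's header, and serve stored uploads back with headers that force a download and forbid sniffing. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# SWF container signatures: uncompressed, zlib-compressed and LZMA-compressed.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")
SWF_HEADER_LEN = 8  # signature (3) + version (1) + little-endian file length (4)


def parse_swf_header(data: bytes):
    """Return (signature, version, declared_length) if `data` begins with a
    plausible SWF header, otherwise None."""
    if len(data) < SWF_HEADER_LEN or data[:3] not in SWF_SIGNATURES:
        return None
    declared_len = struct.unpack("<I", data[4:8])[0]
    if declared_len < SWF_HEADER_LEN:  # a real SWF declares at least its header
        return None
    return data[:3].decode("ascii"), data[3], declared_len


def find_swf(data: bytes, window: int = 4096) -> int:
    """Offset of the first plausible SWF header within the first `window`
    bytes, or -1. Offset 0 is a bare SWF; a positive offset means the SWF sits
    behind another format's header (the 'hiding Flash in other file types'
    trick the thread mentions), which an extension or MIME check would miss."""
    best = -1
    for sig in SWF_SIGNATURES:
        idx = data.find(sig, 0, window)
        while idx != -1:
            if parse_swf_header(data[idx:]) is not None and (best == -1 or idx < best):
                best = idx
            idx = data.find(sig, idx + 1, window)
    return best


def download_headers(filename: str, content_type: str) -> dict:
    """Headers for serving a stored upload back from the application origin:
    force a download and forbid MIME sniffing so the bytes are not re-read as
    active content. Serving uploads from a separate origin is the stronger
    fix; these headers are defence in depth."""
    safe_name = "".join(c for c in filename if c.isalnum() or c in "._-") or "download"
    return {
        "Content-Type": content_type or "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample uploads (not real files): a bare SWF, a GIF header with a
# zlib-compressed SWF behind it, and a harmless PNG header.
PLAIN_SWF = b"FWS" + bytes([10]) + struct.pack("<I", 64) + b"\0" * 56
GIF_WITH_SWF = b"GIF89a" + b"\0" * 10 + b"CWS" + bytes([9]) + struct.pack("<I", 4000) + b"\0" * 32
PNG_ONLY = b"\x89PNG\r\n\x1a\n" + b"\0" * 64
```

An upload for which `find_swf` returns anything other than -1 should be rejected or quarantined at upload time, whatever its extension claims.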
Received on Friday, 13 November 2009 09:13:30 GMT
