The article at [1] seems pertinent to our discussions of security. Basically, as I understand it, the vulnerability involves sites that allow a user to upload a file, and which then serve that file back without extensive checking. When the attack succeeds, it's possible to get a SWF file to execute with the origin context of the site to which you uploaded. That's a bit of an oversimplification. See [1] for details.

Noah

[1] http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html

--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Friday, 13 November 2009 02:19:02 UTC
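An added example, not part of the original message or the linked article: a content check an upload handler can run so that a file whose bytes are a SWF is refused whatever its name or declared type says. The function names, the allowlist policy and the sample bytes are constructed for illustration, and the check assumes the SWF signature sits at offset 0.

```python
import struct

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
SWF_SIGNATURES = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}
ALLOWED_TYPES = {"image/jpeg", "image/png", "image/gif"}  # hypothetical site policy


def sniff_swf(data: bytes):
    """Return the parsed SWF header if data begins with one, else None."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    (length,) = struct.unpack_from("<I", data, 4)
    if version == 0 or length < 8:  # not a plausible header
        return None
    return {"compression": SWF_SIGNATURES[data[:3]],
            "version": version, "length": length}


def check_upload(filename: str, declared_type: str, data: bytes):
    """Return (accepted, reason). The bytes are inspected; name and type are not trusted."""
    if declared_type not in ALLOWED_TYPES:
        return False, f"type {declared_type!r} is not on the allowlist"
    header = sniff_swf(data)
    if header is not None:
        return False, (f"{filename}: content is a SWF (version {header['version']}, "
                       f"{header['compression']} compression)")
    return True, "ok"


# Constructed samples: a SWF header behind an image name, and a JPEG prefix.
DISGUISED = b"CWS" + bytes([9]) + struct.pack("<I", 1024) + b"\x78\x9c" + b"\x00" * 16
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, ctype, body in [("avatar.jpg", "image/jpeg", DISGUISED),
                              ("photo.jpg", "image/jpeg", JPEG)]:
        print(name, check_upload(name, ctype, body))
```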