- From: <noah_mendelsohn@us.ibm.com>
- Date: Thu, 12 Nov 2009 21:18:31 -0500
- To: www-tag@w3.org

The article at [1] seems pertinent to our discussions of security. Basically, as I understand it, the vulnerability involves sites that allow a user to upload a file, and which then serve that file back without extensive checking. When the attack succeeds, it's possible to get a SWF file to execute with the origin context of the site to which you uploaded. That's a bit of an oversimplification. See [1] for details.

Noah

[1] http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html

--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Friday, 13 November 2009 02:19:02 UTC
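
An added example, not part of the original message or the linked article: a content-based upload screen that rejects data beginning with an SWF header, whatever the file name or declared type says. The function names and the sample uploads are constructed for illustration, and the check assumes the signature sits at offset 0.

```python
import zlib

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
# FWS = uncompressed, CWS = zlib-compressed body, ZWS = LZMA-compressed body.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}


def sniff_swf(data: bytes):
    """Return header fields if the bytes start with an SWF header, else None."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    return {
        "compression": SWF_SIGNATURES[data[:3]],
        "version": data[3],
        "declared_length": int.from_bytes(data[4:8], "little"),
    }


def screen_upload(filename: str, declared_type: str, data: bytes):
    """Decide on the content itself; the name and declared type are
    uploader-controlled and are only reported, never trusted."""
    swf = sniff_swf(data)
    if swf is not None:
        return False, (f"rejected {filename!r} (declared {declared_type}): "
                       f"content is SWF v{swf['version']}, {swf['compression']}")
    return True, f"accepted {filename!r}"


def make_sample_swf(compressed: bool) -> bytes:
    """Constructed test input: a well-formed 8-byte SWF header plus filler."""
    body = b"\x00" * 16
    length = (8 + len(body)).to_bytes(4, "little")
    if compressed:
        return b"CWS" + bytes([9]) + length + zlib.compress(body)
    return b"FWS" + bytes([9]) + length + body


# Constructed uploads: two SWF payloads under image names, one PNG prefix.
SAMPLES = [
    ("avatar.jpg", "image/jpeg", make_sample_swf(compressed=False)),
    ("banner.gif", "image/gif", make_sample_swf(compressed=True)),
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
]

if __name__ == "__main__":
    for name, ctype, blob in SAMPLES:
        print(screen_upload(name, ctype, blob))
```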