This site is now just an archive over the rise and fall of Flash. The domain flashmagazine.com is available for sale
Login | Register

Flash Scripting Security Issue

Macromedia has released a Security bulletin about a Cross Server Scripting Security Issue with their Flash player

The problem comes from the SWF contents ability to execute JavaScript commands, and affect every web site which allows users to include/upload SWF content on their own.

A typical abuse of this security fault would be for a malicious user to include a seemingly innocent SWF signature that at the same time would be able to transfer data such as cookies from every single user viewing the page with the included SWF.

Macromedia has announced that there will be a new Flash 6 player made available in July that will address the security issue with a new EMBED/PARAM parameter, the parameter will allow web sites to turn off any outbound scripting (ActionScript getURL() actions that specify a scripting statement) when displaying SWF content
Flash Cross Server Scripting Security Bulletin

 

Get new stories first

Click to follow us on Twitter!

 

Comments

No comments for this page.

Submit a comment

Only registered members can comment. Click here to login or here to register