Comments on: Yet Another Adobe Flash Unpatched Vulnerability Actively Exploited in the Wild

By: Alan Baxter

Alan Baxter — Mon, 20 Sep 2010 01:55:29 +0000

@Dan:
I haven’t figured out how to do that either. So, whenever I’m on a site where I want to allow all Flash instead of just using the placeholder, I use NoScript’s Blocked Objects flyout to temporarily enable it for the whole site (on trusted sites only, of course).

By: Dan

Dan — Mon, 20 Sep 2010 00:57:12 +0000

How can I run NoScript in "Flashblock mode" but still whitelist some sites for Flash? I can’t seem to get it to work after a bit of trying. If it’s not that simple, then getting people to migrate from Flashblock will be more difficult.

By: JB

JB — Fri, 17 Sep 2010 18:09:05 +0000

Any idea when you’ll fix the "Backup NoScript configuration in a bookmark for easy synschronization feature" for Firefox 4, when I check that feature, no bookmark is created. Works fine on Firefox 3.6.9.

By: AnonymousCoward

AnonymousCoward — Fri, 17 Sep 2010 13:30:00 +0000

Oh man, what a bad beta that EMET is in XP so far. Enhanced Mitigation EXPERIMENT Tool. The promised version was NOT in the DL link, and no way could I get Flash on the block list. And a hefty 18MB needed on the disc.
Nice idea though, and if you get the video http://technet.microsoft.com/en-us/security/ff859539.aspx you can see that MS means really to stop legacy applications getting hit. Those guys are just too sweet :-)

It’s just that for stuff out here on the Web, Fx with NS just does it with no mess and no fuss :-)

By: Giorgio

Giorgio — Fri, 17 Sep 2010 07:08:36 +0000

@Cement Head:
Plugins run out of process now in most recent browser versions, so you should actually protect the plugin-host process.
Even so, many plugins (including Flash and Java) can’t be effectively protected because contain JIT compilers, which need write access to executable memory.

By: Cement Head

Cement Head — Fri, 17 Sep 2010 03:25:01 +0000

@exceed:
Why can’t you use EMET to protect the web browser in which the Flash plug-in is running?

By: Alan Baxter

Alan Baxter — Wed, 15 Sep 2010 04:29:49 +0000

@Giorgio:
Oh, I get it now after rereading it. The joke was good, but it was too early in the morning for me to get it the first time.

By: exceed

exceed — Tue, 14 Sep 2010 23:07:34 +0000

Unfortunatelly it’s not possible to EMET-ize Flash… but there’s a NoScriot anyway :D

By: computerfreaker

computerfreaker — Tue, 14 Sep 2010 19:54:57 +0000

"3 or 4 Flash users" is probably going to be pretty darn accurate if Adobe keeps getting their products pwned like this. Between Flash and their PDF reader, Adobe is in deep trouble IMHO.

I’m glad NoScript is blocking this in Firefox, but I think it’s finally time for me to uninstall Flash and Adobe PDF Reader, regardless of what breaks as a result. I have to use at least one non-Firefox browser every day, so NoScript’s great protection regrettably won’t cover me 100% of the time.

By: Giorgio

Giorgio — Tue, 14 Sep 2010 18:00:35 +0000

@Alan Baxter:
It was “3 or 4″ as written, my poor attempt at irony :)
All them are vulnerable, though.

@Citizendruide:
I really doubt Firefox will blacklist an high profile plugin like Flash. Maybe when HTML 5 starts to be seen (and most important, deployed) as a credible replacement.

@Giovanni Bajo:
Sandboxes are overrated. A compromised plugin with full network access (like Flash) can do a lot of damage even if it couldn’t touch anything on your local system, now that our lives move more and more “in the cloud”.