Quote:
|
Originally Posted by mookiemookie
Not quite:
Quote:
According to someone who attended the semi-restricted OWASP presentation, the issue is indeed zero-day, affects all the different browsers and has nothing to do with javascript:- In a nutshell, it’s when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.
|
http://blogs.zdnet.com/security/?p=1972 |
Wrong answer. With NoScript, you control what goes in and out, and this includes Flash.
-S
PS. This should help you understand:
Quote:
|
The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
|
Basically, Flash or anything coming into or leaving Flash, or the browser for that matter, has to be allowed first and by default nothing is allowed. Load it already. You get to even control third party hooks into Flash. Make sense now?