flashplugin11 goes around the proxy: is this considered a significant security vulnerability?

Yuri yuri at rawbw.com
Tue Mar 13 03:35:53 UTC 2012

I have set up the proxy server on FreeBSD, set it in chrome browser in 
Ubuntu, and went to the complex flash site playing video.
In the middle of the run when htmls loaded but flash didn't yet start to 
play I killed the proxy.
I expected that flash video will fail. But after a while it still plays 
video from the internet.

Obviously, flash ignores the proxy settings and connects 
directly. Even though ZDNet article 
claimed that this security vulnerability had been fixed in flash 10 in 
late 2009.

FreeBSD uses very close flash 11 binary (11.1r102.62). So it must suffer 
from the same vulnerability.


More information about the freebsd-emulation mailing list