flashplugin11 goes around the proxy: is this considered a
significant security vulnerability?
yuri at rawbw.com
Tue Mar 13 03:35:53 UTC 2012
I have set up the proxy server on FreeBSD, set it in chrome browser in
Ubuntu, and went to the complex flash site playing video.
In the middle of the run when htmls loaded but flash didn't yet start to
play I killed the proxy.
I expected that flash video will fail. But after a while it still plays
video from the internet.
Obviously, flash 126.96.36.199 ignores the proxy settings and connects
directly. Even though ZDNet article
claimed that this security vulnerability had been fixed in flash 10 in
FreeBSD uses very close flash 11 binary (11.1r102.62). So it must suffer
from the same vulnerability.
More information about the freebsd-emulation