flashplugin11 goes around the proxy: is this considered a
significant security vulnerability?
Yuri
yuri at rawbw.com
Tue Mar 13 03:35:53 UTC 2012
I have set up the proxy server on FreeBSD, set it in chrome browser in
Ubuntu, and went to the complex flash site playing video.
In the middle of the run when htmls loaded but flash didn't yet start to
play I killed the proxy.
I expected that flash video will fail. But after a while it still plays
video from the internet.
Obviously, flash 11.1.102.63 ignores the proxy settings and connects
directly. Even though ZDNet article
http://www.zdnet.com/blog/security/adobe-plugs-dangerous-flash-player-security-holes/5104
claimed that this security vulnerability had been fixed in flash 10 in
late 2009.
FreeBSD uses very close flash 11 binary (11.1r102.62). So it must suffer
from the same vulnerability.
Yuri
More information about the freebsd-emulation
mailing list