
Security: Microsoft Edge Lets Facebook Run Flash Code Behind Users’ Backs

Microsoft Edge Lets Facebook Run Flash Code Behind Users’ Backs (zdnet.com)






Posted by msmash from the fyi dept.

An anonymous reader writes:

Microsoft’s Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users’ backs. The whitelist allows Facebook’s Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.

The whitelist isn’t new. It existed in Edge before, and prior to February 2018, it included 58 entries, including domains and subdomains for Microsoft’s main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ. The list was narrowed down to only two Facebook domains (facebook.com and apps.facebook.com) after a Google security researcher found that the whitelist mechanism had some security issues. The bug report also contains the original version of the whitelist, with all the 58 domains.


