Navigation
Search
|
Microsoft Edge Lets Facebook Run Flash Code Behind Users' Backs
Wednesday February 20, 2019. 07:45 PM , from Slashdot
An anonymous reader writes: Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs. The whitelist allows Facebook's Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.
The whitelist isn't new. It existed in Edge before, and prior to February 2018, it included 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ. The list was narrowed down to only two Facebook domains (facebook.com and apps.facebook.com) after a Google security researcher found that the whitelist mechanism had some security issues. The bug report also contains the original version of the whitelist, with all the 58 domains. Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/HSrA8oluPaY/microsoft-edge-lets-facebook-run-flash-code-beh...
|
25 sources
Current Date
Nov, Fri 22 - 15:24 CET
|