Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
About Microsoft Edge's secret Flash whitelist
#1
Information 
Quote:[Image: edge-flash-disable.png]

Microsoft's Edge web browser users a secret Flash whitelist that allows Flash content to run without click to play protection on included sites.

Microsoft Edge, the default browser of Microsoft's Windows 10 operating system, supports Adobe Flash natively. Flash is set to click-to-play in the browser, and users may disable Flash entirely in the browser's settings.

Microsoft releases Flash updates regularly on the company's monthly patch day to fix security issues discovered in Flash.

It came to light recently that Microsoft implemented a Flash whitelist that allowed Flash content to run on 58 different domains without user interaction. Sites on that list included Deezer, Facebook, the MSN portal, Yahoo, or QQ but also entries that one would not necessarily expect on such a list like a Spanish hair salon.

Microsoft limited the list on this month's Patch Tuesday update to just two Facebook entries and enforced the use of HTTPS for these sites after a Google engineer filed a bug report with the company in late 2018.
[-] The following 2 users say Thank You to harlan4096 for this post:
  • darktwilight, silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06
FastCopy 5.7.5
FastCopy 5.7.5: ...harlan4096 — 10:04

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>