Flashblock Bypass

[Sowhat <smaillist () gmail com>]

Hi

I accidentally encountered a Flashblock bypass condition today.

For those who dont know what Flashblock it is,
"*Flashblock is an extension for the Mozilla, Firefox, and Netscape browsers
that takes a pessimistic approach to dealing with Macromedia Flash content
on a webpage and blocks ALL Flash content from loading. It then leaves
placeholders on the webpage that allow you to click to download and then
view the Flash content.* "

As stated by Philip Chee, the developer of Flashblock, "Flashblock is a
content blocker pure and simple. Flashblock is not
designed to improve your security at all.".

However, as the flash vulnerabilities become more prevalent,  Flashblock is
recommended to be used to for security purpose.
At least I know lots of security researchers are using  either Flashblock or
Noscripts to block flash.

OK, here comes the Demo:
For those who are using Flashblock with Firefox 3, Go to
http://secway.org/pr14/flashblock.htm

It does not work with FF2, as Philip commented:
"*Unless the embed identifies itself as a flash object in some way we
can't block it. On Firefox 2.0 we can block it because FX2 did some
mime type sniffing and silently added application/x-shockwave-flash
to the embed. Firefox 3.0 is stricter in avoiding mime-type sniffing*."

Anyway, Philip is right, *You can not rely on Flashblock to block all flash
and improve your security*.

Thanks
-- 
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/