Microsoft Edge lets Facebook run Flash code behind users' backs
Google security researcher finds secret whitelist that lets Facebook run Flash content despite Edge's normal security policies.
Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs.
The whitelist allows Facebook Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.
Prior to February 2019, the secret Flash whitelist contained 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ, just to name the biggest names on the list.
Microsoft Edge lets Facebook run Flash code behind users' backs | ZDNet Full Read.
Google security researcher finds secret whitelist that lets Facebook run Flash content despite Edge's normal security policies.
Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs.
The whitelist allows Facebook Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.
Prior to February 2019, the secret Flash whitelist contained 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ, just to name the biggest names on the list.
Microsoft Edge lets Facebook run Flash code behind users' backs | ZDNet Full Read.
