On 2017/2/14 2:03, Ehsan Akhgari wrote:
On 2017-02-13 11:50 AM, 段垚 wrote:

On 2017/2/14 0:24, Ehsan Akhgari wrote:
On 2017-02-10 7:51 PM, 段垚 wrote:
On 2017/2/11 2:26, t...@ritter.vg wrote:
On Friday, 10 February 2017 08:32:27 UTC-6, Benjamin Smedberg  wrote:
I thought I enumerated the harm at first, but I'll elaborate a little.

1) Flash doesn't know about and breaks our "current and subdirectory only" file: origin policy.

2) Flash is a high-risk attack surface: if you can get somebody to download a SWF they can probably own your system. We don't have anyone testing or defending this effectively.

So we believe that there is significant harm in the current situation, and very little upside.
I think #1 is sufficient to remove this behavior, even ignoring #2. A malicious Flash applet opened from file:// can read the user's profile, take all their saved passwords, cookies, etc. and steal data, masquerade as them, and perform all manner of malicious activity.
I agree that this is a problem, but I disagree that Firefox must remove
this behavior now.

* This behavior has existed for decades in all desktop browsers, and the usage of Flash is declining, which means the threat is also declining.
That is not true.  It is public knowledge that Flash exploits are traded
as a commodity these days:
<https://www.wired.com/2015/07/hacking-team-leak-shows-secretive-zero-day-exploit-sales-work/>.

I guess all popular software has exploits being traded. How does this fact invalidate my argument?
I was responding to your point about the threat declining because of the
declining usage of Flash.  This is demonstrably not true.

Why? Assume

    threat_of_flash = exploits_of_flash_per_year * usage_of_flash_per_year

If usage_of_flash_per_year is declining but threat_of_flash is increasing, then exploits_of_flash_per_year must be increasing.
But the report you cited does not provide such data.


Also I think forbidding non-http(s) Flash does not fix those exploits magically.
Sure, this is about reducing attack surface, not completely eliminating it.

Non-http(s) Flash makes up only a small fraction of all Flash content, even for users who do use non-http(s) Flash. I don't think users want to drop their local Flash for a small fraction of reduced attack surface, especially if that local Flash doesn't have alternatives yet. The more practical reaction is trying another browser.

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
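The "current and subdirectory only" file: origin policy that Benjamin's message says Flash bypasses is easy to state but has the usual path-prefix pitfalls. The following is an added stand-alone model of that rule, written for this page; it is not Firefox's implementation, and the function names (`normalizeFilePath`, `directoryOf`, `fileOriginAllows`) and the sample paths are assumptions chosen for illustration. It shows the two checks a correct implementation needs: dot-segment resolution (including percent-encoded `..`) before comparison, and a directory-prefix test that does not let `/home/alice/docs2` pass as a child of `/home/alice/docs`.

```javascript
// Added illustration of a "same directory or subdirectory" rule for file:
// URLs, modelled on the wording in the thread. Not Firefox's code.
// Runs under Node (global WHATWG URL) or in a browser console.

// Resolve a file: URL to an absolute, normalized path: "." and ".." are
// collapsed after percent-decoding, so "%2e%2e" cannot sneak past the check.
function normalizeFilePath(url) {
  const u = new URL(url);
  if (u.protocol !== "file:") {
    throw new Error("not a file: URL: " + url);
  }
  const out = [];
  for (const seg of decodeURIComponent(u.pathname).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; } // pop() on empty is a no-op, so ".." cannot climb above "/"
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Directory containing the given normalized path ("/" for top-level files).
function directoryOf(path) {
  const i = path.lastIndexOf("/");
  return i <= 0 ? "/" : path.slice(0, i);
}

// Decide whether a document loaded from docUrl may read targetUrl under the
// "current directory and subdirectories only" rule. Anything that is not a
// well-formed file: URL is denied.
function fileOriginAllows(docUrl, targetUrl) {
  let docPath, targetPath;
  try {
    docPath = normalizeFilePath(docUrl);
    targetPath = normalizeFilePath(targetUrl);
  } catch (e) {
    return false;
  }
  const dir = directoryOf(docPath);
  // Compare on a trailing-slash boundary so "/a/docs2" is not a child of "/a/docs".
  const prefix = dir === "/" ? "/" : dir + "/";
  return targetPath === dir || targetPath.startsWith(prefix);
}

// Constructed sample: a page in the user's docs folder probing various targets.
const DOC = "file:///home/alice/docs/page.html";
const SAMPLES = [
  "file:///home/alice/docs/data.swf",                         // same directory: allowed
  "file:///home/alice/docs/sub/x.swf",                        // subdirectory: allowed
  "file:///home/alice/docs/../.mozilla/firefox/logins.json",  // traversal out: denied
  "file:///home/alice/docs/sub/%2e%2e/%2e%2e/secret",         // encoded traversal: denied
  "file:///home/alice/docs2/x.swf",                           // prefix collision: denied
  "http://example.com/x.swf",                                 // not file: at all: denied
];

function evaluateSamples(docUrl = DOC, targets = SAMPLES) {
  return targets.map((t) => [t, fileOriginAllows(docUrl, t)]);
}

for (const [target, ok] of evaluateSamples()) {
  console.log((ok ? "ALLOW " : "DENY  ") + target);
}
```

The point of the model is the part a plugin that "doesn't know about" the policy skips entirely: once a SWF can issue its own file reads, none of this normalization or prefix checking runs, which is why the thread treats file:// Flash as equivalent to profile access.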