Flash 8 security issue

Similar Messages

• Problems with Flash Security issues and Captivate projects

  Hello,
  We're putting together a flash based eLearning course that has been created primarily in Adobe Captivate with flash plugins. The course consists of several modules, all which are embedded into HTML files that are linked to each other.
  Our client wants the project on a CD, which is starting to create some problems. Everytime the project goes to open another HTML/flash page, the security issue comes up that mentions that the flash player is trying to communicate to the internet.
  Now usually the way to get around this is to go into the security settings and add the CD as an accepted URL - however we can't do this for several reasons. The main one is that we are encasing it within Firefox Portable (included within the CD and as such, read only) and the computers it is being used on may not be connected to the internet.
  Any idea how we can get around this? Are the flash player settings stored somewhere locally on your computer, and can we configure them there? (perhaps through an ini or something) to place on the CD with the plugin for Firefox Portable? Is there a simpler way to address this that we're just not seeing?
  Thanks,

  Hi there
  I agree with Michael.
  Server2Go is also what I'd have offered. The mention of Firefox portable sound intiguing, but I'm really skeptical that it will do what is needed in this case.
  In case it will help, here are some steps for Server2Go.
  Download the Server2Go software from http://www.server2go-web.de/download/download.html
  Choose the Micro package
  This should result in receiving a zip file named distribute_apache1.3_micro.zip
  Unzip the contents of the zip file to the root of your hard drive ( C:\ )
  This should create a folder named distribute_apache1.3_micro
  Open this folder and delete the following files and folders inside:
  Files:
  splash.bmp
  logo.ico
  readme.txt
  Folders:
  dlls
  dbdir
  cgi-bin
  Open the htdocs folder and delete all files and folders inside.
  Copy all of your Captivate output files to the htdocs folder
  Rename the HTML page Captivate created to index.htm
  Copy the contents of the distribute_apache1.3_micro folder to the CD-ROM and test!
  Hopefully this helps... Rick
  Click here for Adobe Certified Captivate and RoboHelp HTML Training
  Click here for the SorcerStone Blog
  Click here for RoboHelp and Captivate eBooks

• Flash security issue; Error #2170, crossdomain.xml

  Hi,
  we are using Xcelsius 2008, SP3, together with BO XI 3.1 SP2 (Edge; Linux) and SAP BW.
  We have build a dashboard using Query as a Web Service as datasource (pointing to a SAP BW query).
  When we export the Xcelsius file to the BO repository and run the file from InfoView (or CMC), we get a #2170 error.
  The resolution seems to create a crossdomain.xml file so that Flash Player doesn't block the execution of the file any more.
  Do I have to place this crossdomain.xml file on Tomcat (BO) or SAP BW (transaction SICF)? Are there other solutions for this problem?
  Thanks!

  1. Look for crossdomain.xml in the following folder <BOBJ installation directory>/Tomcat/webapps/ROOT, if it is not there create one.
  2. The content of crossdomain.xml should look like follow:
  <?xml version=”1.0″?>
  <!DOCTYPE cross-domain-policy SYSTEM “http://www.adobe.com/xml/dtds/cross-domain-policy.dtd”>
  <cross-domain-policy>
  <allow-access-from domain=”*” secure=”false” to-ports=”*”/>
  <allow-http-request-headers-from domain=”*” headers=”*”/>
  </cross-domain-policy>
  3. Then restart the Tomcat server
  Reference quoted

• Change Flash Security Settings With No Internet Access?

  Hello
  I have firefox at home with no internet access, is it posible
  to alter my flash installation so it enables access to other
  content. it brings up a settings window but that just goes to a
  dead url.
  I have a a collage disk but it will not run untill I alter
  the settings of flash to allow acess to other site, other location?
  Please help?

  phil ashby wrote:
  > Glad it worked!
  >
  > Urami, I did some fairly extensive tests with this idea
  and it seemed to work
  > each time - although all our corporate machines have the
  same build. Even if
  > the directory didn't exist, if you created it and placed
  the SOL inside, it
  > words. In the end I never actually used it as I
  distributed the app as an exe
  > which doesn't have such draconian security requirements,
  also it obviously
  > overwrites the users original version, if present.
  I agree with you, I tried different SOL editor and it work
  when i tried.
  I believe what I used was more than SOL explorer/reader
  rather then editor
  even tho it has this option is seem the file stop working and
  hence the
  problem I was claiming about the files not work properly.
  Perhaps it was changing something and flash did not like
  these changes.
  Anyhow, I did try another tool and did manage to work.
  Thanks
  > Personally, I think it's a bit of a hole in the whole
  Flash security issue.
  Won't comment on that one :) Something just seem way
  unnecessary and silly...
  Best Regards
  Urami
  !!!!!!! Merry Christmas !!!!!!!
  Happy New Year
  <urami>
  If you want to mail me - DO NOT LAUGH AT MY ADDRESS
  </urami>

• Flash Security Settings and Random Questions not Displaying

  Hey folks,
  I created a Captivate 4 project with 3 slides and a question pool of about 70 questions in which I am randomly pulling in. I am using IE7 and Flash 10. Publishing in Flash 10. If I publish or view in Preview in a web browser the project launches, plays the first 3 slides, and then goes blank when the first question should appear. Note: previewing the project AND publishing the project as an .exe does launch and display all the questions correctly. It ends up being a flash security issue. I went to the adobe site and via the Adobe Flash Player Security Manager" I entered in the main .SWF captivate-generated file as a trusted file and then re-ran the published captivate project and it ran correctly. Question is ... what do I need to do to set up flash or my project so I don't have to do this for every new project that I deploy? I don't want to have the users have to go in and add whatever I deploy as a trusted file. It's also a little confusing as to why the first three slides played and it stopped at the questions ... seems like if it's not a trusted file, that it wouldn't run at all.
  Thanks for any help!
  Chris

  Hello again
  I think I'd be investigating a temporary web server to host on until things are ready. Here's where it will help.
  By providing files to the end users, if you are copying files over you end up having to explain how to save the files. You then have to walk them through setting the Flash Security so they can properly view. It all just becomes a pain in the kazoo.
  If you can find some server space, you simply upload the content and provide a link for the users to view the content.
  Other than that, if you are insistent that copying is the way to fly, I might suggest you establish a known location where you want everyone to copy their files. Perhaps C:\TestFolder. Then provide some instruction on how to configure the folder with the relaxed Flash Security. From there forward, anything they copy to the folder should need no security adjustment.
  Cheers... Rick
  Helpful and Handy Links
  Captivate Wish Form/Bug Reporting Form
  Adobe Certified Captivate Training
  SorcerStone Blog
  Captivate eBooks

• Problems with Captivate Redirects, possibly Flash Security and XML

  Hello fellow Captivarians,
  First a little backstory, earlier in the year we developed a course that heavily used external image files, which were gathered and organised through an XML file, then placed into Captivate 4 through a widget. This was all developed in Actionscript 3 and was designed to be accessed locally, on the user's computer from a CD Drive.
  We had a whole deal of issues with Captivate and Flash security issues, finding that we could not get the importing to work correctly in Internet Explorer as it outright refused to import the XML file (Presumably because of security issues). However, Firefox would work fine. Eventually we got it working via a bandaid solution by prepackaging the course with a firefox portable install.
  Now many months later, we have discovered our previous solution still works, but it now outright denies any redirects from HTML page to HTML page, regardless if the content is on the CD or if it's on the harddrive. Buttons that link to external sources will not work, (even if it's just a local page in the same directory).Flash player simply refuses to redirect between HTML pages. We tried some older projects that were developed in AS2 - and this wasn't an issue.
  The odd thing is however, on my computer it still works fine. However, on everyone elses in our office, it will not redirect at all. We are all running the same version of Flash Player, and the same version of Firefox...
  Any ideas? Could it have been a recent update with the Flash Player that prevents this sort of interaction?
  Cheers.

  Hi there
  Have you tried configuring the Flash Security Settings? That's my guess.
  Click here for a tutorial on how to configure
  If this will be on CD-ROM or DVD, you may need to consider adding a light version of a Web Server to the media and launching via that.
  Helpful and Handy Links
  Captivate Wish Form/Bug Reporting Form
  Adobe Certified Captivate Training
  SorcerStone Blog
  Captivate eBooks

• Security issues for Flash cookies, Local Shared Objects, .sol files

  Good day, all
  I just found out a bit about flash cookies from Wikipedia and http://epic.org/privacy/cookies/flash.html
  I was wondering if there was a security issue with these (as opposed to privacy issues)?
  It seems easy enough to prevent them being stored or delete them after they are set.
  Thanks,
  Hugh

  Hello Patricia,
  You wrote,
  I came to this forum to see if I could find out how to delete adobe's flash cookies
  You have to do it online via this website.
  Macromedia's Website Storage Settings panel
  Note: As the site says, the dialogue box is not an image, "it is the actual settings manager"
  I just tried it out and deleted the flash content from How Stuff Works, then revisited the site (How Stuff Works) and it didn't add it back, so it seems to work as stated.
  regards roam

• Privacy/Security Issue with Adobe Flash 10

  Not sure if anyone has noticed this or not, but there is a
  bizarre (if minor) privacy/security issue with Adobe Flash Player
  10. I came across it while attempting to upload a file to Flickr.
  Previous versions of AFP do not exhibit this problem.
  Specifics: using Firefox 3.x, Vista.
  The problem: When Flickr calls the "open file" dialogue in
  Flash 10 (in order to upload files) via the "Upload Photos and
  Videos" link, at the bottom of the dialogue, to the right of the
  "File Name" box, sits a common UI element that brings up a dropdown
  menu of what appear to be (or at least are supposed to be) recently
  viewed or downloaded or accessed files. Actually I'm not sure how
  Flash 10 compiles or accesses this list of files, but at any rate,
  a list of files come up.
  The problem is that, as far as I can tell, the list of files
  that come up reference a long list of files, some that are very old
  and that no longer exist, and that there is no way that I can find
  to clear the list. This is a minor security/privacy issue, as
  generally there should be a way to prevent a dialogue from
  displaying a long list of past-accessed files by clearing a cache
  somewhere or other -- imagine if it was impossible to clear the
  history of a web browser, for example -- this would be considered a
  pretty significant privacy issue. I have tried everything from
  flushing the browser cache to uninstalling and reinstalling the
  browser to uninstalling and reinstalling Adobe Flash to using the
  Flash Settings Manager to clear out the Flash saved sites to
  turning off Vista indexing to clearing out Vista's Recent Items
  list. None of these actions did anything to clear out this list of
  files. I can find no references to these files anywhere when I use
  Vista Search (with unindexed and system files searched as well),
  and I can find no reference to the files anywhere in the registry
  (I checked just in case Flash 10 was storing this index in some
  really bizarre place.) I've linked to a screenshot below of what
  I'm talking about -- most of the files listed below were deleted a
  long, long time ago, and so I have no idea why this dialogue refers
  to them.
  Screenshot
  Is there a simple work-around for this that I'm unaware of?
  Even if there is, there needs to be some more obvious way to clear
  out this list. Where is this information being stored, and what
  criteria does this list use to "put a file on the list"?

  Thanks for putting me on the right scent. That's what I'd
  originally thought, too -- it's just that the file-> open dialog
  was giving an entirely different list of files with other
  applications, so I assumed that it must be Flash that was the
  culprit. Turns out the reason it was different with Flickr was
  because it was restricting the file results via a long string of
  video and picture filetypes that are compatible with the Flickr
  service.
  It turns out the information I'm looking for is buried deep
  within the registry. The only way to clear out this list of files
  is to delete the following key (or specific subkeys):
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidl MRU
  Seems more than a little stupid to store such information in
  the registry if security is your concern. Vista beguiles me
  sometimes.

• Flash Player Security issue

  All,
  Please note that I've just had a chat discussion with Adobe support because of a security issue in the most recent update of Flash that caused services from several providers to become inaccessible.  Does anyone have any information regarding this issue?

  Unfortunately, that doesn't help me pin it down much.  It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content.  The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem.  As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible.  In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence. 
  While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago.  The security of both end-users and the network is of paramount importance.  With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric.  We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player.  The beta can be found at http://www.adobe.com/go/beta/. 
  If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.

• Flash Player "known security issue"

  Trying to install update for Adobe Flash Player 15.0.0 on iMac OS X Yosemite 10.10.1 Safari Browser. Get Message "The version of "Adobe Flash Player" on your computer has known critical security issues. Only websites set to "Always Allow" are allowed to run this plug-in. To protect your system, use of this plug-in is now blocked for all other websites." I have retried download several times, but am blocked each time by the same above result.
  Please Help!
  Fritz

  Hi,
  You might want to add this as a bug over at bugbase.adobe.com.  I gave it a try on my Win 7 x64 system but wasn't able to reproduce the problem (see video link below.)  In addition to the bug report, I'd also recommend reposting over on the Flash Professional forums?  This forum is primarily for end users, the Pro forums will get you in touch with a wider developer audience.
  http://youtu.be/lWDUxrxBmoQ?hd=1
  Thanks,
  Chris

• Would downloading the YouTube app open me up to the security issues of Flash?

  I don't use Flash or Java because of security concerns. As a result, there are many YouTube videos that I cannot watch (which I can live with).  
  There is an app for from the App Store for YouTube. Would downloading the YouTube app open me up to the security issues of Flash?

  No, The You Tube App does not run flash in any way, and as Flash cannot run on an iPad there's no way to be susceptible to its security issues. Even the Browser Apps that support flash encoded Videos, do not run flash, they decode the video at a servers of the App makers and then stream the video in a compatible format to the App.

• Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

  Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
  Some have no problem accessing the lesson plans.
  Most when they login click on a lesson plan and an icon shows up that says loading but never does.
  If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
  Think Central support says this is a security issue with Firefox.
  I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
  I have allowed the pop ups to the think Central web site.
  Any help would be appreciated

  Are there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
  Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.

• Flash security settings panel

  I am new to FlashPro CS5.  I need to use it with SlideShowPro Director and the associated product 'ThumbGrid'.
  I followed the instructions and settings from SlideShow Pro but nothing happens when I publish.  They say I need to go to the flash security settings panel and add my local folder as a trusted location to execute the files from.
  I cannot find the flash security settings panel.  Can I get a hint on where to find the flash security settings panel. I need to add my local folder as a trusted location to execute the files from
  Has anyone in the forum had experience with SlideShowPro Director or Thumb Grid.

  Its okay continue with the thread, the next thing is about the crossdomain policy, you should also know about that for these kind of issues, let see with the following links:
  http://www.designswan.com/archives/actionscript-30-flashs-security-sandbox.html
  http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/Security.h tml?filter_flash=cs5&filter_flashplayer=10.2&filter_air=2.6
  http://kb2.adobe.com/cps/142/tn_14213.html

• Can I create a form that doesn't trigger Acrobat's JavaScript disabled / security issues warning?

  Hello,
  Can I create a pdf that doesn't trigger Acrobat's JavaScript is currently disabled and this document uses it for some features.  Enabling JavaScript can lead to potential security issues.
  I even get this error when I create a blank pdf.
  I'm not using any JavaScript in the form and the nature of the message might tend to be a bit scary to some people since it mentions enabling JS can lead to potential security issues.  I basically want to disable the messaging of a feature I'm not even using.
  Anyone know if this is possible and if so, how I go about it?
  Thank you.

  Hi,
  I too share your frustration!!
  Unfortunately I do not have a complete answer for you.
  From the start I must say that Stefan Cameron has been very helpful (http://forms.stefcameron.com/2010/01/14/acrobatreader-9-3-now-available/), however I have not had sufficient time available to deal with the issue (or find a satisfactory resolution).
  The original post that Srini shared with you related to an XFA form that had FormCalc and Javascript in it. I will now share with you another situation that is closer to your experiences.
  Sometimes where we have a complex solution/form, we often give our users a PDF with instructions and demonstrations. We generate these using Adobe products:
  LiveCycle Designer ES to generate the solution/form;
  Captivate to record the demonstration (.swf);
  Acrobat to package it up in a static PDF.
  The screen shots below are from a PDF that includes written instructions and six Flash (.swf) files. The PDF does NOT include fields/form objects and does NOT include any FormCalc or Javascript.
  One of the big sells in Acrobat 9 was that Adobe had fully integrated Flash (Adobe product, ex. Macromedia) into Acrobat 9. This mean that .swf files could run natively inside a PDF. Brilliant!!!  The website today is still pushing this message, for example:
  Now bear in mind that the following screenshots are from a PDF that does not contain any scripting - its sole purpose is to "inform" the user, "look as good as the work I put into it", incorporate instruction and "multimedia" in a "single polished file" and I should be "confident that my audience will be able to view my work exactly as intended".
  Not so!!
  When the user now opens the form, all looks OK. No warning. They can read the instructions and scroll down to the multimedia (.swf files).
  However when the user clicks on the multimedia, the yellow bar appears:
  I go through the "trust" process:
  And the PDF looks like it is OK, no yellow bar. When I click on the multimedia, it begins to play - yes!! BUT ONLY FOR A SECOND OR TWO AND THEN IT STOPS AND GOES BACK TO THE START - AGGGGHHHHHHH!!!!!. I would apologise for shouting, but this is beyond frustration. The work in capturing six screencasts in Captivate, annotating them, publishing to .swf and packaging up in Acrobat has been a complete waste of time. Worse than that I now have several PDFs out there, that do not work. Good advertisement for my business? I don't think so!!
  The document that Stefan provided (Managing JavaScript Execution in the Acrobat Family of Products) does not mention Flash/.swf as being a problem. However I would recommend that you go through this document, as it may help you.
  So, where to now? I don't know. The previous posts and Stefan's responses have several urls that may help. You should maybe consider logging your experiences as a bug (log at Adobe).
  In the meantime good luck,
  Niall
  UPDATE:
  This behaviour (.swf playing for only a few seconds) happens in PDFs where the .swf is inserted as legacy media to run in earlier versions of Acrobat/Reader. In this case Acrobat/Reader is making an external call to Flash Player. Hence the yellow bar. However it does not explain why the Flash video still does not play when trusted.
  If the .swf is added into the PDF as Flash media to run on Acrobat 9 and above, then it works without displaying the yellow warning bar.
  So maybe any feature of your PDF that calls an external resource is likely to show the yellow warning bar.

• You Tube Widget - Flash Security Settings

  Hello,
  I managed to embed sucessfully a You Tube video by using flash factor widget.  It works when published to a web server no problem.  However it looks like anybody else who views it has to adjust their flash security settings.
  Is there away around this issue?
  Help would be greatly appreciated
  Thankyou
  Alison

  Hi all
  One way past this would be to include and install a light web server known as "Server2Go". It's pretty simple to install and it tricks the Flash Player into thinking the content is running from a server.
  Site to obtain Server2Go:
  http://www.server2go-web.de/
  Instructions for using it with Captivate:
  http://forums.adobe.com/message/892584
  Cheers... Rick
  Helpful and Handy Links
  Captivate Wish Form/Bug Reporting Form
  Adobe Certified Captivate Training
  SorcerStone Blog
  Captivate eBooks