This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs. Currently, Shumway supports master policy files named crossdomain.xml that are located in the root directory of a web server. However, if the file is redirected, the policy file at the final URL is honored. This should be disallowed. Policy file spec: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
Rephrased, this is a security issue. A malicious SWF could retrieve a permissive policy file from a domain it controls, and the domain could redirect to a 3rd party and/or intranet site, to perform CSRF.
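The check the report asks for, as an added example that is not part of the original report and is not Shumway code: a policy file is applied only when it was served directly from the master policy URL of the origin being loaded from. The function names, the `response` object (modelled on the Fetch API `Response` fields `url`, `redirected` and `status`) and the `.example` hosts are assumptions made for illustration.

```javascript
// Added example, not Shumway code. `response` mirrors the Fetch API Response
// fields `url`, `redirected` and `status`; all hosts below are constructed.

// Master policy location for the origin that serves `resourceUrl`.
function masterPolicyUrl(resourceUrl) {
  return new URL('/crossdomain.xml', new URL(resourceUrl).origin).href;
}

// Decide whether a fetched policy file may be applied to `resourceUrl`.
function checkPolicyResponse(resourceUrl, response) {
  const expected = masterPolicyUrl(resourceUrl);
  if (response.redirected) {
    return { honor: false, reason: 'policy request was redirected' };
  }
  let finalUrl;
  try {
    finalUrl = new URL(response.url).href;
  } catch (e) {
    return { honor: false, reason: 'response has no usable URL' };
  }
  // Defence in depth: compare the final URL even if the flag is unset.
  if (finalUrl !== expected) {
    return { honor: false, reason: 'final URL is not the master policy URL' };
  }
  if (response.status !== 200) {
    return { honor: false, reason: 'unexpected status ' + response.status };
  }
  return { honor: true, reason: 'served directly from ' + expected };
}

// Constructed responses for a load of https://data.example/feed.xml
const SAMPLES = {
  direct: { url: 'https://data.example/crossdomain.xml', redirected: false, status: 200 },
  redirected: { url: 'https://other.example/crossdomain.xml', redirected: true, status: 200 },
  mismatched: { url: 'https://other.example/crossdomain.xml', redirected: false, status: 200 },
  missing: { url: 'https://data.example/crossdomain.xml', redirected: false, status: 404 },
};

for (const [name, res] of Object.entries(SAMPLES)) {
  const verdict = checkPolicyResponse('https://data.example/feed.xml', res);
  console.log(name, verdict.honor, verdict.reason);
}
```

With the Fetch API, passing `redirect: 'error'` on the policy request rejects a redirected response before any check like this one runs.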
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE