On 7/19/10, <b class="gmail_sendername">Suvayu Ali</b> <<a href="mailto:fatkasuvayu%2Blinux@gmail.com">fatkasuvayu+linux@gmail.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Monday 19 July 2010 12:17 AM, Christofer C. Bell wrote:<br> > So yes, the software "works well" in much the same way that "an unpatched<br> > Windows XP works well" but leaves you open to compromise. Note the key<br>
> sentence here: "There are reports that this vulnerability is being actively<br> > exploited in the wild against both Adobe Flash Player, and Adobe Reader and<br> > Acrobat."<br> ><br> > I'm not sure I'd have such a caviler attitude toward it as you.<br>
><br> > [1]<a href="http://www.adobe.com/support/security/advisories/apsa10-01.html">http://www.adobe.com/support/security/advisories/apsa10-01.html</a><br> > [2]<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297</a><br>
><br> <br> Thanks for the concern Chris. My only use for flash is youtube and maybe<br> a few more well reputed mainstream websites/services. I don't want to<br> end up with an unstable FF as its a major part of almost everything I<br>
do. And my previous experiences with nsplugin-wrapper have been _very_ bad.<br> <br> Would you say use of noscript or flashblock would be a good compromise?<br> If not what are my other options? (maybe I should start a new thread for<br>
this discussion)<br></blockquote></div><br>I think FlashBlock would be a fairly good compromise. If you're using FlashBlock, you can safely wander around the web knowing that no flash you do not explicitly authorize will be running. As for NoScript, I'm not sure that it adds value for this specific issue, but I certainly run it anyway (and not for security reasons). <br>
<br>-- <br>Chris<br><br><br>