Why allow flash footers?



kamyab
April 20th, 2003, 04:48 AM
Why does this community allow flash footers? Isn't there a potential exploit, allowing users to hijack accounts and steal passwords?

senocular
April 20th, 2003, 06:48 AM
A while ago, yes. It has since been 'corrected' - its effects can be avoided by the html code used to embed the swf.

mlk
April 20th, 2003, 01:38 PM
Isn't there a potential exploit, allowing users to hijack accounts and steal passwords?

hehe we are a peaceful community - who would ever think of hacking into our little Kirupaville?
Besides Flash Footers Rock - get one :beam: !

mlk
April 20th, 2003, 01:45 PM
whaddya mean you lock your files ???

mlk
April 20th, 2003, 01:47 PM
Senocular, what you said is not true. The issue has not been corrected.

senocular
April 20th, 2003, 01:51 PM
I read somewhere it can be prevented with the html embed

kamyab
April 20th, 2003, 02:00 PM
Not here, apparently

ahmed
April 20th, 2003, 02:04 PM
unless you don't have any recent flash player installed, everything should be fine..

mlk
April 20th, 2003, 02:10 PM
I (kamyab) am able to sign into mlk's account, so something is definitely wrong.

Jubba
April 20th, 2003, 02:11 PM
how did you do that?

ahmed
April 20th, 2003, 02:15 PM
ooops

jubba - http://eyeonsecurity.net/papers/flash-xss.htm :)

mlk
April 20th, 2003, 02:16 PM
I will let you know in a PM
[edit]
ahmed, that's it. Well, almost.

senocular
April 20th, 2003, 02:17 PM
Maybe what I'm thinking of is something completely different

ahmed
April 20th, 2003, 02:26 PM
well that's odd. Over at another forum we have contacted Macromedia about this security hole back in July.. they said they "have this issue resolved and will be releasing a player very shortly (but within the month of July) as we announced previous." By now I think everyone would've upgraded their player.. :-\

kamyab
April 20th, 2003, 02:31 PM
I think senocular was talking about this
http://www.macromedia.com/support/flash/ts/documents/allow_script_access.htm


AllowScriptAccess can prevent a SWF file hosted from one domain from accessing a script in an HTML page that comes from another domain. Using AllowScriptAccess="never" for all SWF files hosted from another domain can ensure security of scripts located in an HTML page.
What if both the swf and script are on the same domain?
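
The AllowScriptAccess setting quoted above, as an added example that is not part of the original thread: a Python check a forum could run over signature markup to list Flash embeds that do not set AllowScriptAccess to "never". The class and function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class FlashEmbedAudit(HTMLParser):
    """Record the AllowScriptAccess setting of every <embed> and <object>."""

    def __init__(self):
        super().__init__()
        self.findings = []    # [tag, source, setting or None]
        self._object = None   # record of the <object> currently open

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag == "embed":
            # <embed> carries the setting as an attribute
            self.findings.append(["embed", a.get("src", ""),
                                  a.get("allowscriptaccess")])
        elif tag == "object":
            self._object = ["object", a.get("data", ""), None]
            self.findings.append(self._object)
        elif tag == "param" and self._object is not None:
            # <object> carries the setting (and the movie URL) in <param> children
            name = a.get("name", "").lower()
            if name == "allowscriptaccess":
                self._object[2] = a.get("value")
            elif name == "movie":
                self._object[1] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object":
            self._object = None

def unsafe_embeds(html):
    """Return (tag, source) for each embed not set to AllowScriptAccess="never"."""
    parser = FlashEmbedAudit()
    parser.feed(html)
    parser.close()
    return [(tag, src) for tag, src, setting in parser.findings
            if (setting or "").strip().lower() != "never"]

# Constructed sample: one footer without the setting, one with it.
SAMPLE = '''
<object width="300" height="60">
  <param name="movie" value="http://example.org/footer.swf">
  <embed src="http://example.org/footer.swf" width="300" height="60">
</object>
<object width="300" height="60">
  <param name="movie" value="http://example.org/safe.swf">
  <param name="allowScriptAccess" value="never">
  <embed src="http://example.org/safe.swf" allowScriptAccess="never">
</object>
'''

if __name__ == "__main__":
    for tag, src in unsafe_embeds(SAMPLE):
        print(f"{tag}: {src} lacks AllowScriptAccess=never")
```

The `<object>` and the nested `<embed>` are reported separately because each tag carries its own copy of the setting.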