Much Ado About Nothing: Flash 10 blues

Written by Sam Moffatt

Some days we look at the web and see new and interesting things. Some days you just see stuff that breaks things. Today, Flash 10 is one of those. If you haven't heard the news, Flash 10 breaks a lot of web uploaders - ours included. Of course we're not the only one who has been impacted by this issue and it has been an issue during the beta. Solutions are coming out to resolve the issue and to Adobe's credit it has been documented. The issue in the short term is that Joomla!'s upload functionality isn't working if you're using Flash 10, so if this is functionality that you're really tied to try to avoid upgrading to Flash 10. Alternatively you can just disable the Flash uploader completely in Site > Global Configuration > System > Enable Flash Uploader and setting this to 'No'. At least for the current version of Joomla! (1.5.7) and for the next version that we're working on (1.5.8) we're not going to be in a position to update the library to fix the problem for Flash 10. Once fixes have been made available and tested we'll shift it into the next version of Joomla!.

29 Votes

13 Comments

Feed

Nick Kotarski makes this comment

2008-10-28 20:46:59

There is a pretty compelling reason to upgrade to Flash 10 related to Clickjacking.

Quote:
Issue #2a STATUS: To be fixed in Flash 10 release. All prior versions of Flash on Firefox on MacOS are particularly vulnerable to camera and microphone monitoring due to security issues allowing the object to be turned opaque or covered up. This fix relies on all users upgrading, and since Flash users are notoriously slow at upgrading, this exploit is expected to persist. Turning off microphone access in the BIOS and unplugging/removing controls to the camera are an alternative. Here is the information directly from Adobe.

Nick
Nick Kotarski makes this comment

2008-10-28 20:49:56

Part 2:

Quote:
Issue #2c STATUS: Fixed in Flash 10 release. All versions of Flash on IE7.0 and IE8.0 could be overlayed by opaque div tags. Using an onmousedown event handler the object click registers as long as the divs are removed by the onmousdown event handler function. Demo here of stealing access to the microphone.

Personally I would rather have the fix than the functionality that gets broken. But that's just me.

Nick
Michelle Bisson makes this comment

2008-10-29 02:05:19

Thanks Sam for the update!
Ryan makes this comment

2008-10-29 19:37:47

I am attempting to fix this for JCE too, using the swf from FancyUpload2 but rebuilding some of the accompanying javascript to work with Mootools 1.1

I'll post it to the forge if I can get it right.
Leo Lammerink makes this comment

2008-10-31 07:28:54

If you want to roll back to Flash 9 you need to uninstall Flashplayer and you need to do this with the Flash uninstaller as provided here [url=http://www.adobe.com/go/tn_14157here [/url] If you do not use that you have a lot of remainders left (source Michael Horowitz on Cnet

Than you can download the Flash 9 version (42MB)Here and you extract and find the 2 installer files (plugin for firefox and activeX for IE) in the extracted folder
Quote:
flash_player_update6_flash9\Players\Release
Run them and your flash loaders work again.

leo lammerink (aka leolam)
Anonymous makes this comment

2008-10-31 14:15:47

The old versions are still available: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14266&sliceId=1

BTW, love the Captcha sound, is that a radio station?
Noel makes this comment

2008-11-03 18:10:57

http://digitarald.de/journal/54706744/fancyupload-for-flash-10/

Fix for the Fancy Uploader, works with J too.
Ryan makes this comment

2008-11-05 19:59:22

Quote:
http://digitarald.de/journal/54706744/fancyupload-for-flash-10/

Fix for the Fancy Uploader, works with J too.

I doubt that will work for Joomla! 1.5 as that new version uses Mootools 1.2, and even if you did upgrade to that and use a compatability layer, there are still quite a number of new and different initialization options for FancyUpload2, so you would have to rewrite parts of com_media to accomodate them.
Nick Kotarski makes this comment

2008-11-05 23:09:16

We are exhorted to update Joomla as soon as a security fix is released. We see many sites getting hacked because they are not updated in a timely manner.

Given that Flash 10 fixes a couple of important security issues why would you make yourself vulnerable by installing Flash 9?

I'm sorry I just don't get it?

Nick
Anonymous makes this comment

2008-12-29 07:19:01

Quote:
I am attempting to fix this for JCE too, using the swf from FancyUpload2 but rebuilding some of the accompanying javascript to work with Mootools 1.1

I'll post it to the forge if I can get it right.

Did you got it right?
Kimberly Koserowski makes this comment

2009-06-29 15:41:27

I turned the Enable Flash Uploader to No and I still receive the script error when trying to use Media Manager in any version of IE so obvioulsy this doesn't fix the problem in joomla and I am using 1.5.11.
Dimitris makes this comment

2009-09-11 03:42:08

Almost 1 year on flash 10 and still no fix on this problem.
And this is major if the sites content deal with a lot of images. If I was a php-js-as3 expert I could rewrite the com_media, but I'm not so I ask the experts out there to do it

Come on someone must have a solution to this!!!!
Lela VH Gamel makes this comment

2009-09-23 01:36:14

guess that the only way that we can still upload is using the old version of Flash, that's great if you are only doing programming, but what if you want to use something so simple as a playback from YouTube... problem is that you can't use Flash 9 in one browser and 10 in another that you don't progranm with.... Flash is a common plug-in to all of the browsers that you have loaded on the frame.

Anybody got any other ideas?.....

Latest Posts

Much Ado About Nothing: Flash 10 blues

13 Comments

Add Comment