So let’s set the stage.
Using Firefox 3.6.7 on Windows 7 Home Premium, X64 flavor. Working just fine.
Use NewsFox as my integrated RSS feed reader. Working just fine.
Starting last weekend, however, I suddenly started getting this annoying Adobe Flash Player Security warning pop-up when tripping over certain RSS feed items.
Different feed sites. The common factor was that they all contained embedded YouTube videos. However, other feed articles which also had embedded YouTube content might not display the link.
The annoyance was that sometimes, on some articles that displayed the link, Firefox would freeze. Sometimes I would have to wait up to two minutes for Firefox to unlock. Sometimes I would get a Firefox plugin crash alert and other times I would not.
Some sites allowed me to click on the “OK” button and the media would display and we would keep moving. Clicking on “Settings” didn’t seem to be helping at all. The dialog window might go away but I never saw that it made a difference.
I checked all my NoScript settings and filters. I checked all my AdBlock Plus settings and features. I added a custom “s.ytimg.com/yt/swf/PMS*.swf” filter per a commonly circulating forum tip to AdBlock Plus. No dice. See the bottom of this old GSD post for my previous wrestles with Firefox and Flash.
It was getting really aggravating.
Other’s have been sporadically reporting on this general issue (with Flash causing lockups in Firefox) as well with much frustration but no effective solution.
I even uninstalled my newly loaded Adobe CS4 applications, reading somewhere that it was possible that security setting in that suite might impact Flash handling for local/internet zones. Didn’t help.
I had installed – uninstalled – and reinstalled the Flash plugin for Firefox multiple times. No fix.
I would not get the error while loading the “full” pages referenced by the RSS feed, only when loading them in the right hand viewing pane in NewsFox.
During all this troubleshooting and web searching, I had been going in and out of the Adobe Flash Player : Settings Manager. I had been tweaking all the settings, trying to set everything (shudder) to “Always allow” under all the tabs. Nada on the fix.
I confirmed the s.ytimg.com was present and allowed for security access. Nothing. Then set it to “Always deny”. No helpful.
I even did a Process Monitor trace during one such test replication and found lots of calls from the plugin-container.exe as it was handling the Flash elements, but no smoking gun.
After many hours this past week I was really getting burned out on the issue.
So in zombie mode, I spent three more hours banging my head on the keyboard until sometime past midnight when certain grey cells in the melon in my skull aligned.
And I read the stupid error message again.
“ Adobe Flash Player has stopped a potentially unsafe operation.
The following local application on your computer or network:
is trying to communicate with this Internet-enabled location:
To let this application communicate with the Internet, click Settings.
You must restart the application after changing your settings.”
Hmmm. Had Captain Obvious missed anything by focusing on access to s.ytimg.com as the issue?
Although I had confirmed s.ytimg.com was listed in the Flash settings (and all the AdBlock Plus and NoScript filters as well), I didn’t see any mention or presence of about:blank in my Flash security settings.
Wonder what would happen if I manually added it under the Adobe Flash Player Settings Manager - Global Security Settings panel?
I restarted Firefox, just for good measure, and tested it on a known RSS feed article that was guaranteed to trigger the alert.
It worked. No more Flash Security Alerts alerts when tripping over embedded You Tube videos in my RSS reader within Firefox.
I also found that setting it to “Always Deny” also seems to suppress the Flash Security Warning alert window as well, though I’m leaving mine set for “Always Allow” for the time being.
These are all trusted sites so hopefully I’m not opening up the browser/system to XSS vulnerabilities or other headaches by dong so.
Choose according to your comfort level.
Hope this helps other’s resolve this annoying (but probably beneficial) security warning.
Still don’t know why it suddenly started popping up last week out of nowhere… There hasn’t been a new version of NewsFox for some time, and my Flash version has remained current/updated, so no changes there. Only thing I can figure is it may have had something to do with the recent bump from Firefox (for Windows) version 3.6.6 to the 3.6.7 version now running. Maybe the schema for handling “about:blank” calls by pages (as handled by NewsFox at least) has been changed slightly in 3.6.7. I’ve only got speculation at this point.