

Wikileaks.org users at risk due to a Web vulnerability - koyllm

We have been made aware of a potential security risk with open source software Wikileaks is utilizing which uses a flash library to display PDF files. Two vulnerabilities XSS and content spoofing can be used by malicious users. Whether to affect the privacy of users of wikileaks. eg: Using Flash components specifically to decloack behind Tor network users OR link to external content to discredit Wikileaks, something Wikileaks should avoid given the nature of the content published on Wikileaks servers. Given the fact that most browsers use plugins to enable the reading of PDF&#x27;s, we strongly urge Wikileaks to link directly to PDF files instead of using third party software that could put users at risk<p>http:&#x2F;&#x2F;www.wikileaks-forum.com&#x2F;security-support&#x2F;608&#x2F;-flexpaper-pdf-viewer-used-on-wikileaks-org-presents-security-risk-for-users&#x2F;32700&#x2F;msg66862#msg66862
======
sarciszewski
Possible solution: They could use pdf.js and/or mirror the files on
[https://pdf.yt](https://pdf.yt) instead.

