I recently had a critical OS error forcing a reinstall.
Since doing this and recovering what I could from the previous install, I no longer have any functionality in the Flash cache. I am given the Allow/Deny dialog every time for the same flash application served (accept caching, refresh, dialog returns).
Any settings or other saved information (e.g. game saves and tracked achievements) is confirmed not to persist where reliant on my local machine.
I have uninstalled the Flash player (both NPAPI and PPAPI) and cleaned out all traces of Flash Player from my AppData, then reinstalled the player; this did not solve the issue.
Issue only appears to be happening in NPAPI (firefox). Chrome test of identical application persists information where Firefox does not.
Using latest Firefox version (54) and Flash Player plugins (126.96.36.199).
Have cleared Firefox cache, Flash cache, removed and reinstalled Flash as previously mentioned without solving issue.
Cause of fault: Directory Junction of Windows User folder
Workarounds to issue: Avoid junctioning User folder; use following steps to direct Windows to use another location without Junction:
• Enter Registry (preferably on alternative account to avoid issues with running context)
• Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"
• Find the current user's subfolder (look at the ProfileImagePath key to recognise User folder path)
• Alter ProfileImagePath key to point to Junctioned user folder location
• Remove now unneeded Junction link
• Upon signing back in to affected account, NO Windows errors should be thrown w/r/t User data being missing/corrupt and Flash Cache should work as no junction is present.
Workaround confirmed on Windows 10 64bit; Firefox 54.0; Flash Player 188.8.131.52
Yes. Having a junction in a path to a user folder can lead to arbitrary writes under certain circumstances. We disabled support a couple years ago, and require that you set a flag to get the legacy behavior.
You can find details here:
Thank you for the information. It would be nice if there was a visible notification of this protection being triggered to better inform unwitting users. We can't be expected to know all the minutia of security updates from years ago.
However, setting that flag does not appear to return correct behaviour in Firefox, even if Protected Mode is disabled for the SWF plugin.
Also you should probably revisit the code:
I feel like asking a user to change their system (regedit to avoid junction) to suit a program is strictly considerable as a workaround, not a solution, despite being what the Administration Guide recommends.
Thanks for your feedback.