Internet Bug Bounty: Wrong Handling of Content-Type allows Flash injection and Rosetta Flash patch bypass
Hey, I spent some time reversing the mitigation of Rosetta Flash. This research helped me to discover a very interesting bug: Adobe Flash Player uses "string searching" similar to indexOf over the entire response's "Content-Type" header value to match the "application/x-shockwave-flash" string...
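The difference between the substring check described in the report and a strict media-type comparison, as an added example that is not part of the original report and is not Flash Player's code. The function names, the case-insensitive behaviour of the substring model, and the sample header values are assumptions constructed for illustration; a server-side or proxy audit of response headers could use the strict form.

```python
"""Added example: substring vs. strict matching of a Content-Type header."""

FLASH_TYPE = "application/x-shockwave-flash"


def substring_match(content_type: str) -> bool:
    # Models the indexOf-style check the report describes: the string is
    # searched for anywhere in the header value, parameters included.
    # Case-insensitivity is an assumption of this model.
    return FLASH_TYPE in content_type.lower()


def parse_media_type(content_type: str) -> str:
    # The media type is the token before the first ';' (RFC 9110, 8.3.1).
    # Type and subtype are case-insensitive; parameters are ignored here.
    essence = content_type.split(";", 1)[0].strip().lower()
    type_, sep, subtype = essence.partition("/")
    if not sep or not type_ or not subtype or any(c.isspace() for c in essence):
        return ""  # malformed value: treat as unknown
    return essence


def strict_match(content_type: str) -> bool:
    # Compare only the parsed type/subtype, never the raw header string.
    return parse_media_type(content_type) == FLASH_TYPE


# Constructed header values (not taken from the report).
SAMPLES = [
    "application/x-shockwave-flash",
    "Application/X-Shockwave-Flash; charset=binary",
    "application/json; charset=utf-8",
    'text/plain; note="application/x-shockwave-flash"',
    "application/x-shockwave-flash-not",
]


def disagreements(samples):
    """Return the values where the two checks give different answers."""
    return [s for s in samples if substring_match(s) != strict_match(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} substring={substring_match(s)} strict={strict_match(s)}")
```

The two values returned by `disagreements(SAMPLES)` are the ones a substring check accepts even though the declared media type is something else.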