Adobe Flash Player and AIR URI Parsing Cross Domain Scripting Vulnerability

Adobe Flash Player and Adobe AIR are prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy, execute arbitrary script code and obtain potentially sensitive information, or launch spoofing attacks against other sites.

This issue only affects Firefox and Chrome browsers.

NOTE: This issue was previously covered in BID 40759 (Adobe Flash Player and AIR Multiple Remote Vulnerabilities) but has been given its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus