YUI JavaScript library -- JavaScript injection exploits in Flash components

2010-10-25T00:00:00
ID D560B346-08A2-11E0-BCCA-0050568452AC
Type freebsd
Reporter FreeBSD
Modified 2010-10-25T00:00:00

Description

The YUI team reports:

A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files.