Internet Bug Bounty: Bypassing Same Origin Policy With JSONP APIs and Flash

Overview ======== This is a new type of web vulnerability that is made possible by two seemingly unrelated things: - the way JSONP APIs work - the way Flash handles malformed SWF files and has an effect and limitations similar to XSS flaws: - the user has to visit a website set up by the attacker...