CVE-2010-4209 Information

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1 as used in Bugzilla 3.7.1 through 3.7.3 and 4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8/ http://www.openwall.com/lists/oss-security/2010/11/07/1 http://www.securityfocus.com/archive/1/514622 http://www.securityfocus.com/bid/44420 http://www.securitytracker.com/id?1024683 http://www.vupen.com/english/advisories/2010/2878 http://www.vupen.com/english/advisories/2010/2975 http://yuilibrary.com/support/2.8.2/