CVE-2012-5883 Information

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0 as used in Bugzilla 3.7.x and 4.0.x before 4.0.9 4.1.x and 4.2.x before 4.2.4 and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf a similar issue to CVE-2010-4209.

Reference

http://www.bugzilla.org/security/3.6.11/ http://www.mandriva.com/security/advisories?name=MDVSA-2013:066 http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/ http://yuilibrary.com/support/20121030-vulnerability/ https://bugzilla.mozilla.org/show_bug.cgi?id=808845 https://exchange.xforce.ibmcloud.com/vulnerabilities/80116