FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

linux-flashplugin -- cross-site scripting vulnerability

Affected packages
linux-flashplugin <= 9.0r289
linux-f10-flashplugin < 10.3r181.22


VuXML ID 57573136-920e-11e0-bdc9-001b2134ef46
Discovery 2011-05-13
Entry 2011-06-08

Adobe Product Security Incident Response Team reports:

An important vulnerability has been identified in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.


CVE Name CVE-2011-2107