Friday, November 7, 2008

Adobe Patches Vulnerabilities In Flash Player

Adobe has released an updated version of its Flash Player that fixes six vulnerabilities:

This update includes a change to the way Flash Player interprets HTTP response headers to prevent a potential cross-site scripting attack. (CVE-2008-4818)

This update introduces a change to mitigate a potential issue that could aid an attacker in executing a DNS rebinding attack. (CVE-2008-4819)

This update introduces stricter interpretation of an ActionScript attribute to prevent a potential HTML injection issue. (CVE-2008-4823)

This update prevents an issue with policy file interpretation that could potentially lead to bypass of a non-root domain policy. (CVE-2008-4822)

This update prevents an issue with the Flash Player interpretation of jar: protocol on Mozilla browsers that could potentially lead to information disclosure. (CVE-2008-4821)

This update prevents a potential Windows-only information disclosure issue in the Flash Player ActiveX control. (CVE-2008-4820)


Flash Player 9.0.124.0 and earlier versions are affected. Users running a vulnerable version should update to Flash Player 10.0.12.36. Users who can't update to Flash Player 10 can instead update to version 9.0.151.0. Both 10.0.12.36 and 9.0.151.0 also contain fixes for the issues reported in Security Advisory APSB08-18.

More information and instructions for updating can be read here.
