The update pack also comes with two fixes for high-risk flaws, both involving involve same-origin violation security bugs. The first exploit is based on loading an Adobe Flash file via the view-source: scheme. Apparently, the Flash plugin misinterprets the origin of the content as localhost, leading to two specific vulnerabilities.
First, the Flash file can bypass restrictions imposed by the crossdomain.xml mechanism and initiate HTTP requests to arbitrary third-party sites, thus enabling attackers to perform CSRF attack. Second, the Flash file can read and write Local Shared Objects on a user’s machine and would enable attackers to place cookie-like objects on a user’s computer and track them across multiple sites.
The other high-risk flaw enables users to create a document whose URI does not match the document’s principal using XMLHttpRequest. This type of mismatch leads to incorrect results in principal-based security checks and could be used to execute arbitrary JavaScript within the context of another site.
Users will automatically receive the new update in the next 48 hours.