Adam
unread,May 24, 2012, 1:00:49 PM5/24/12Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to SWFObject
The repository has an updated version of swfobject.js that addresses a
"cross-site scripting vulnerability fix to MMredirectURL for both
compressed and src versions as described by Adobe", however the
swfobject_2_2.zip linked on the downloads page does not include this
fix, nor is there a notice stating a more secure version is available.
Seeing as that fix is the last update and occurred 3 years ago, could
we not make that the latest release version? Also Wordpress now
incorporates that same fix in their most recent package, so I think we
can safely assume that it has some widespread testing.
Thanks!