Mandriva Linux Security Advisory 2014-169 - Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
f5bd598a395b6c05ed00bff7322ba053ea6bda85e2b6ae397f5bc9946a6a1af1