Security Announcement: SWF Vulnerability in YUI 2

By YUI TeamOctober 30, 2012
Update: Additional information is available about this issue.

We have identified a security vulnerability on self-hosted YUI 2 SWF files. * Users of YUI 2 via or another CDN are not affected by this issue. * Users of YUI 3 are not affected by this issue. Any project that hosts YUI 2 SWF files (any version from 2.4.0 through 2.9.0) on its own servers should email us right away at

security (at) for more information and support.

Note: This vulnerability is also listed under CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883.