Post Mortem: SWF Vulnerability in YUI 2
The YUI team has discovered a security-related defect in certain self-hosted YUI 2
.swf files, whether or not the .swf files are embedded in your application. Visit the security bulletin for full details about how to identify and replace the affected files.
If your site hosts a YUI 2 distribution between version 2.4.0 and 2.9.0 that includes these files, it is affected by this vulnerability.
If your site loads YUI 2 from Yahoo’s CDN (yui.yahooapis.com) or from Google’s CDN (ajax.googleapis.com), and the files are not hosted on your own domain, you are not affected. YUI 3 is not affected by this issue.
See the security bulletin for information about how to determine whether your site is affected, how to remedy the problem, and how to verify the fix.