In association with heise online

31 October 2012, 16:55

Vulnerability in Yahoo's JavaScript framework YUI 2

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

YUI logo In a blog post, Yahoo has said there is a security vulnerability in its JavaScript framework YUI version 2. It does not, though, give a detailed description of the bug. The issue only, now, relates to any project where the developers have hosted their own version of the YUI 2 SWF files (from version 2.4.0 to 2.9.0). Those who have used Yahoo's CDN or another CDN for YUI 2 or use YUI 3 are not affected by the issue said Yahoo.

The only information in the post is a connection with "SWF"; this could therefore be something in connection with the presence of the class SWFStore which supports the persistence of data using the Flash Player. The affected version of the framework has, though, been superseded by YUI 3 since 2009; YUI 3 does not include SWFStore.

The Yahoo developers ask affected user to contact them via email to for further information and support.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit