Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing. Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html
'Affected software versions
Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'