Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4546 to the following vulnerability: Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. References: http://www.mochimedia.com/~matthew/flashcrash/ http://www.securityfocus.com/archive/1/archive/1/496929/100/0/threaded
Seems to crash both 9.0.124.0 and 10.0.12.36.
Reporter confirmed that this issue still exists in flash-player 10.0.22.87: http://www.securityfocus.com/archive/1/501691/30/0/threaded
This issue affects the versions of the flash-plugin package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue has been addressed in following products: Extras for Red Hat Enterprise Linux 5 Via RHSA-2010:0464 https://rhn.redhat.com/errata/RHSA-2010-0464.html
This issue has been addressed in following products: Extras for RHEL 3 Extras for RHEL 4 Via RHSA-2010:0470 https://rhn.redhat.com/errata/RHSA-2010-0470.html