A flaw was found in how Flash Player's jar: protocol handler interacts with Mozilla. This flaw could result in sensitive informatoin being disclosed.
Public now via upstream security bulletin: http://www.adobe.com/support/security/bulletins/apsb08-20.html Fixed in: 9.0.151.0 and 10.0.12.36
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2008-0945.html http://rhn.redhat.com/errata/RHSA-2008-0980.html