LWN.net

flash-player: multiple vulnerabilities

Package(s): Flash-Player
CVE #(s): CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2444
Created: September 23, 2011
Updated: November 8, 2011
Description: From the openSUSE advisory:

This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444).

Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

This update resolves an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426).

This update resolves an AVM stack overflow issue that may lead to denial of service and code execution. (CVE-2011-2427).

This update resolves a logic error issue which causes a browser crash and may lead to code execution. (CVE-2011-2428).

This update resolves a Flash Player security control bypass which could allow information disclosure. (CVE-2011-2429).

This update resolves a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).

Alerts:
Red Hat RHSA-2011:1434-01 2011-11-08
Gentoo 201110-11 2011-10-13
Red Hat RHSA-2011:1333-01 2011-09-22
SUSE SUSE-SU-2011:1063-1 2011-09-23
openSUSE openSUSE-SU-2011:1060-1 2011-09-23


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds