
JavaScript Code Flow Manipulation, and a real world example advisory – Adobe Flex 3 Dom-Based XSS

"We recently researched an interesting DOM-based XSS vulnerability in Adobe Flex 3 applications that exploits a scenario in which two frames (parent & son) interact with each other without properly validating their execution environment.

In our research, we have seen that in some cases it is possible to manipulate JavaScript code flow by controlling the environment in which it runs. Specifically, we managed to return hacker-controlled boolean values to conditional statements, and by that force the application to be vulnerable to an existing DOM-based XSS, which was otherwise unexploitable.

The advisory presented herein is a real-world example of the research mentioned above, and contains two XSS variants. The second of which makes use of the JavaScript Flow Manipulation technique."

Advisory Link: http://blog.watchfire.com/wfblog/2008/06/javascript-code.html
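The pattern the quoted advisory describes, as an added illustration that is not the Flex 3 code or the advisory's own example: a child frame whose output-encoding decision hinges on values the embedding page controls, beside a hardened version. The window objects, the `flexHost` frame name and the sample payload are constructed here so the snippet runs under Node; in a browser `win` would be `window`.

```javascript
// Minimal HTML encoder used by the safe paths below.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Vulnerable: "if I am framed by the host app, it already sanitised the input".
// Whether the page is framed (win.parent !== win) and what win.name holds are
// both decided by whoever embeds the page, so the boolean is attacker-chosen
// and the conditional can be steered into the unencoded branch.
function vulnerableRender(win, untrusted) {
  const hostedByApp = win.parent !== win && win.name === "flexHost";
  if (hostedByApp) {
    return untrusted;                // would be element.innerHTML = untrusted
  }
  return escapeHtml(untrusted);
}

// Hardened: the environment check must be one a hostile framer cannot satisfy.
// Browsers throw on cross-origin reads of parent.location.href, so a throw
// means "not our origin"; a top-level window has no host at all.
function parentIsSameOrigin(win) {
  if (win.parent === win) return false;
  try {
    return new URL(win.parent.location.href).origin === new URL(win.location.href).origin;
  } catch (e) {
    return false;
  }
}

// Even on the verified-host branch the input is still encoded (defence in depth).
function hardenedRender(win, untrusted) {
  const safe = escapeHtml(untrusted);
  return parentIsSameOrigin(win) ? '<span class="hosted">' + safe + "</span>" : safe;
}

// Constructed sample frames. The hostile parent models a cross-origin page:
// its location.href read throws, as the same-origin policy would make it.
function makeWindow(href, name, parent) {
  const win = { location: { href }, name };
  win.parent = parent || win;
  return win;
}
const hostileParent = { location: { get href() { throw new Error("SecurityError"); } } };
const framedByAttacker = makeWindow("https://app.example/child.html", "flexHost", hostileParent);
const appParent = makeWindow("https://app.example/host.html", "");
const framedByApp = makeWindow("https://app.example/child.html", "flexHost", appParent);
const payload = "<img src=x onerror=probe()>";   // constructed test string
```

Compare `vulnerableRender(framedByAttacker, payload)`, which returns the payload unencoded because the framer flipped the conditional, with `hardenedRender(framedByAttacker, payload)`, which encodes it.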