This document summarizes three security vulnerabilities that can exist in Flash applications: 1. Same-origin policy bypass through loader contexts and cross-domain policies 2. Phishing through manipulation of SWF URLs in metadata 3. Cross-site scripting through user-supplied parameters if the SWF is loaded from a public CDN domain that is shared by other sites.