Comment Re:Broken security model (Score 3, Insightful) 355
Maybe you should have read the whole article. Cross-site scripting is never mentioned, and seeing how Mike Bailey, the researcher in question, won $10,000 with a Cross-site scripting attack, I think he probably knows the difference
This is a flash attack, dealing with content ownership and poor security controls on flash's part. The end result can indeed be cross-site scripting, but that's not a requirement, and actionscript has different capabilities than javascript.