Well, Flash just got that sort of exploit, but it's worse, because this attack will work successfully against Power Macs too. "Rosetta Flash" (how appropriate!) can steal credentials and cookies by generating valid, malicious SWFs through JSONP that abuse Flash's ability to bypass the same-origin policy that would normally protect against such an attack.
There are ways that a service can protect itself from Rosetta Flash, but that's where it gets even worse for Power Mac users: the recommended server-side change to retard the attack won't work on Flash 10.1. Yes, you heard right. Even if the server implements the recommended server-side protection, Flash 10.1 will still download and execute the malicious SWF. And that's critical, because there is no Flash 10.2 or above for Power Macs, just various hacks that change the version number.
This exploit is fully weaponized, as they say in the biz. It's ready for any attacker to use. So Flash is dead: it is no longer safe for use on Power Macs, TenFourFox won't run it anyway, and if you are still using TenFourFox 17 to run Flash applets, I warned you this day would come.
So far all indications are that beta 3 is substantially faster than beta 2. I will make one last tweak to the garbage collector timeslice before release for a little better long term throughput. The only remaining bug is issue 280, which is a crash with the G5 using 7450 branching; I'm just going to revert to G5 branching as was originally in 24/26/29. I'm now starting to think that the performance delta might be a benchmark artifact anyway, and it's not worth the trouble to debug prior before release. Meanwhile, 31 will come out on schedule simultaneously with 24.7.0 to conclude ESR24. Another year of support ahead!