This is a follow-up to another article about crossorigin mail theft on Yahoo! Mail using Flash. Flash has a feature where you can embed a crossorigin.swf inside your own own own.swf. The crossorigin proxy has since been patched, but the loose crossdomain.xml rules remain. How can we exploit these rules without using MITM attacks? Well, we abuse vulnerabilities in.swfs that are legitimately hosted on subdomains of yahoo.com.”]
Source: http://blog.saynotolinux.com/blog/2014/12/09/seizing-control-of-yahoo-mail-cross-origin-again/