The folks over at www.foregroundsecurity.com have discovered (another) Flash exploit that makes use of a same-origin policy interpretatino malformation in the application.

This vulnerability allows the same-origin policy of Adobe Flash to be exploited to allow nearly any site that allows user generated content to be attacked. No fix for this vulnerability currently exists.

Two ways of dealing with it (as Adobe has as yet not released a patch): NoScript for FireFox users, or Toggle Flash for IE users… Switch off Flash until the issue is resolved. Any site that allows (untrusted) content upload faces a potential threat.

But you knew that already.