Too strict cross-site security for flash embeds

Description

Try to close flash popup with mouse. With Opera 9 this is not possible. Works in Opera 8. Problem first appeared in Opera 9 build 8238 (windows)

Index file is located at: http://zajec.net/bug/flash_xss/
Script used by flash: http://my.opera.com/d.i.z./homes/bugs/onFinishedPlaying.js
Flash file located at: http://my.opera.com/d.i.z./homes/bugs/flashPopup.swf

As both flash file and js file are on the same server, Opera should allow flash to access this script file. It appears that Opera 9 thinks that it's a XSS issue and prevents access to functions defined in script. If everything is on the same page (html, js, flash) it works in all Opera versions - can be verified here: Local Files.

UPDATE: Fixed in Windows 9.00.8518 build.

UPDATE2: Since when Flash 9 started working in Opera for linux, there is similar bug in there. Seems a bit different though because "Local version" does not work too.

Testcase


This red background should also disappear.
diz courtesy of zajec.net