Posts Tagged ‘security’

flash player 10 security change can break focus logic with cross domain swfs

August 28th, 2009 markledford 1 comment

With the barrage of player updates and security changes to the Flash Player, staying on top of the issues and incompatibilities from player to player is sometimes as troublesome as cross-browser compatibility for regular web development. This is especially true for the upgrade from Flash Player 9 to 10.

There were some well-publicized major security changes for policy files and the FileReference class included with the Flash Player 10 security updates, but a seemingly less significant new restriction regarding cross-domain SWF focus can wreak havoc on an existing Flash project. The new restriction is outlined here:
Related-object properties in events may not be available

Starting in Flash Player 10.0.2, if an object that would be referred to by any of these properties [MouseEvent.relatedObject, FocusEvent.relatedObject, ContextMenuEvent.mouseTarget] resides in a different security sandbox (for example, because it is part of a different SWF that was served from a different domain), and the two sandboxes do not both trust each other (by means of the Security.allowDomain method), then the value of this property is changed to null.

I’ve found this is a significant change for cross-domain SWFs that utilize any of Flash’s V3 Components. Some 3rd-party cross-domain SWFs that once worked fine will no longer focus properly when clicking on text fields. Digging into this component architecture’s FocusManager, you can find the culprit:

fl.managers.FocusManager::mouseFocusChangeHandler(event:FocusEvent)

/**
*  @private
*  This gets called when mouse clicks on a focusable object.
*  We block Flash Player behavior.
*
* @langversion 3.0
* @playerversion Flash 9.0.28.0
*/

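private function mouseFocusChangeHandler(event:FocusEvent):void {
   // <- relatedObject is null when the clicked TextField is in a
   //    cross-domain sandbox without mutual trust (Flash Player 10.0.2+)
   if (event.relatedObject is TextField) {
      return; // pass it on
   }
   // null is never a TextField, so the focus change is cancelled here
   event.preventDefault();
}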

The solution is to add a Security.allowDomain("YourDomain") call if you have access to republish the SWF; otherwise you’d have to use a proxy server.
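A host-side check for the mutual-trust condition in the quoted restriction, as an added example that is not from the original post or from the component source. The class name HostApp, the domain components.example.com and the file form.swf are placeholders assumed for illustration.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.LoaderInfo;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.net.URLRequest;
    import flash.system.Security;

    // Hypothetical host SWF that loads a component SWF from another domain.
    public class HostApp extends Sprite {
        // Placeholder: the domain that serves the component SWF.
        private static const CHILD_DOMAIN:String = "components.example.com";
        private var loader:Loader = new Loader();

        public function HostApp() {
            // Host side of the trust relationship. Name the exact domain
            // rather than "*" so only that origin is granted access.
            Security.allowDomain(CHILD_DOMAIN);
            loader.contentLoaderInfo.addEventListener(Event.INIT, onChildInit);
            loader.load(new URLRequest("http://" + CHILD_DOMAIN + "/form.swf"));
            addChild(loader);
        }

        private function onChildInit(e:Event):void {
            var info:LoaderInfo = LoaderInfo(e.target);
            // Same domain: no sandbox boundary, relatedObject is unaffected.
            if (info.sameDomain) return;
            // parentAllowsChild: this SWF granted access to the child's domain.
            // childAllowsParent: the child granted access to this SWF's domain,
            // which means the child was published with its own allowDomain call.
            if (!(info.parentAllowsChild && info.childAllowsParent)) {
                trace("No mutual trust with " + info.url +
                      ": relatedObject will be null across the boundary" +
                      " (parentAllowsChild=" + info.parentAllowsChild +
                      ", childAllowsParent=" + info.childAllowsParent + ")");
            }
        }
    }
}
```

If childAllowsParent is false, the loaded SWF has not granted access to the host's domain, and only republishing it with the matching allowDomain call (or serving both SWFs from one domain, as with the proxy approach) removes the boundary.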
