. Facebook closes cross-site scripting holes - MajorGeeks

Providing Free and Editor Tested Software Downloads

MajorGeeks.com - If your computer could ask you for it, it would.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

5. Visual C++ Redistributable Runtimes AIO Repack

6. McAfee Removal Tool (MCPR)

8. Sergei Strelec's WinPE

9. Visual C++ Runtime Installer (All-In-One)

10. K-Lite Mega Codec Pack

PST Files: Keeping Your Outlook Data Organized and Running Smoothly

How to Disable All Advertising and Sponsored Apps in Windows 10 & 11

Do You Need to Defragment an SSD? Understanding TRIM and SSD, NVME Optimization

Google's New Dark Web Report: How to Use It To Protect Your Data and Alternatives for Non-Google Users

Desktop Slideshow Customization: How To Keep Your Backgrounds Fresh

What Is The Dark Web: A Beginner’s Guide To Exploring The Dark Web

How to Enable or Disable IPv6 in Windows 10 and 11

Your Phone May Have Emergency Satellite Connectivity Built In and It Could Be a Lifesaver During Major Storms

How People Hack Your Webcam And How to Stop It

Skip the Ads: A Clever Trick to Watch Youtube Ad Free

Facebook closes cross-site scripting holes

Contributed by: Email on 04/19/2013 02:42 PM [ Comments ]

Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.

In the Chat window, for example, attackers were able to share links that weren't adequately checked by Facebook. This enabled attackers to add disguised java script commands to links that were then automatically inserted into href parameters by the Chat client. When users clicked on these specially crafted messages, the injected code was executed on their systems.

The "Check in" service could be manipulated by creating custom locations into which attackers were then able to inject java script code through their settings. That client-side XSS code was executed when users checked in at such a location.

Messenger for Windows could be compromised by creating a Facebook page. Pages can send messages to all users. If java script code was entered as part of the page name, and the page sent out messages to users, the script would be executed on users' machines as soon as they logged into Messenger.

Check the images HERE

Comments

comments powered by Disqus

© 2000-2024 MajorGeeks.com

Powered by Contentteller® Business Edition