Friday, April 19, 2013

Facebook has fixed several XSS vulnerabilities


Vulnerabilities were found in several of the company's online services by experts at Break Security.

Facebook developers have fixed a number of XSS vulnerabilities discovered by experts at Break Security. According to Nir Goldshlager, head of the information security company, the social network was vulnerable to attacks on its «Chat» application, as well as on the «Check in» and «Messenger» components.

In the chat window, attackers could post links that bypassed Facebook's checks, which made it possible to disguise JavaScript commands as links; the code executed on the victim's system when the victim clicked such a link.


The flaw in «Check in» likewise allowed JavaScript code to be injected through the component's settings. An attacker had to create a specially crafted location; when a user checked in at it, the disguised malicious code executed. The vulnerability in «Messenger» is of a similar nature.
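
The two defensive checks these flaws call for, scheme validation for user-posted links and output encoding for user-supplied names such as a location, are sketched below. This is an added example, not Facebook's code; the function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example, not Facebook's code. All names here are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Return a normalized URL string if the link uses an allowed scheme, else null.
function safeHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser strips surrounding whitespace and embedded
    // tabs/newlines and lowercases the scheme, so the check sees the
    // same scheme the browser would act on.
    url = new URL(raw);
  } catch {
    return null; // relative or unparseable input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Encode text for use in HTML element content or a quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Render a user-posted link; fall back to inert text when the URL is rejected.
function renderLink(rawUrl, label) {
  const href = safeHref(rawUrl);
  const text = escapeHtml(label);
  return href === null
    ? `<span>${text}</span>`
    : `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${text}</a>`;
}

// Constructed sample inputs: a chat link and a check-in location name.
console.log(renderLink("https://example.com/cafe", 'Cafe <b>"Central"</b>'));
console.log(renderLink(" JavaScript:void(0)", "Click here"));
```

The allowlist approach rejects every scheme that is not explicitly permitted, so `data:` and other script-capable schemes are refused without having to be enumerated.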
