l4zy

Google Fixes Cross Site Scripting Vulnerability Identified by Finjan

Finjan informed Google last week of a dangerous cross site scripting vulnerability on its website. Finjan’s Malicious Code Research Center (MCRC) provided Google with full technical details, including proof-of-concept, concerning the vulnerability in order to assist Google with the fix. Google worked quickly to complete the fix on its website, which is no longer exposed to this vulnerability.

Two Google sub-sites contained forms which did not validate and filter input. Due to the lack of data validation and filtering, this vulnerability could have allowed an attacker to inject content and scripts which could allow him to steal the victim’s cookie. If the victim were to be logged-on to their Google Account at the time, the attacker, by virtue of having the victim’s cookie, could have gained access to some of the Google services like the victim’s personal account information, his/her saved searches, Froogle’s wish list, Google alerts, or even identify the user in the Google Groups. The attacker might also have been able to change the content of the whole page, which would allow him to perform phishing attacks, or convince the user to download malicious files.

“The cross site scripting vulnerability could have allowed a remote attacker to take over victims’ Google Accounts, or fake the website’s content in order to deceive end users into downloading malicious content or providing personal and confidential information (known as ‘phishing’)”, said Limor Elbaz, VP Business Development and Strategy of Finjan.

When buying digital cameras, make sure that you buy quality digital cameras even if it is only a mini digital camera. IF you have a chance, prefer the sony digital camera over the regular olympus digital camera.