Providing Free and Editor Tested Software Downloads

MajorGeeks.com - Geek, I am your Father.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

IObit Black Friday Sale

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

5. Sergei Strelec's WinPE

6. Microsoft Visual C++ 2015-2022 Redistributable Package

7. Visual C++ Redistributable Runtimes AIO Repack

8. McAfee Removal Tool (MCPR)

9. K-Lite Mega Codec Pack

10. Visual C++ Runtime Installer (All-In-One)

All the New Features Landing in Windows 11 This December

Lossless vs Lossy: When FLAC, APE, and ALAC Beat MP3 and When They Don't

Google Search Tricks You'll Actually Use in 2025 and Beyond

Fresh PC Checklist: First 12 Things to Do On a New Windows 11 Machine

Running AI Models Locally: What They Are, Where to Find Them, and How to Get Started

Deciding Between Idle State, Sleep Mode, and Shutdown: What's Best for Your PC?

How to Fix VMware Workstation "The Update Server Could Not Be Resolved" Error Installing VMware Tools

How to Remove Google Gemini from Your Phone (and Your Life)

Windows Bloat Removal Guide: Debloat Safely and Keep What You Need

Windows 11 Repair Playbook: SFC, DISM, CHKDSK Without Breaking Stuff

Facebook closes cross-site scripting holes

Contributed by: Email on 04/19/2013 02:42 PM [ Comments ]

Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.

In the Chat window, for example, attackers were able to share links that weren't adequately checked by Facebook. This enabled attackers to add disguised java script commands to links that were then automatically inserted into href parameters by the Chat client. When users clicked on these specially crafted messages, the injected code was executed on their systems.

The "Check in" service could be manipulated by creating custom locations into which attackers were then able to inject java script code through their settings. That client-side XSS code was executed when users checked in at such a location.

Messenger for Windows could be compromised by creating a Facebook page. Pages can send messages to all users. If java script code was entered as part of the page name, and the page sent out messages to users, the script would be executed on users' machines as soon as they logged into Messenger.

Check the images HERE

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition