Google Cross-Site Scripting Flaw Fixed
By the Betanews Staff | Published December 21, 2005, 5:00 PM
Google has fixed a cross-site scripting vulnerability on its Web site, according to security firm Watchfire. The flaw allowed an attacker to impersonate legitimate Google services in order to launch a phishing attack. The search engine applauded the firm for withholding disclosure until it could fix the problem.
The XSS flaw existed in how Google redirected users in its error pages. An attacker could use UTF-7 characters to take advantage of the vulnerability and insert malicious JavaScript into the URL, the firm said. According to Watchfire, Google fixed the problem on December 1, just two weeks after it had been alerted to the problem.
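The following is an added illustration, not code from Betanews, Watchfire or Google. It shows why HTML-escaping alone does not neutralize UTF-7-encoded markup in a reflected URL, and a check for the usual mitigation of declaring a charset. The error-page function, sample path and audit labels are hypothetical, and the example assumes the general UTF-7 XSS condition (a legacy browser guessing the encoding when none is declared), which the article does not detail.

```python
import html
import re

# Constructed sample: a requested path in which "<" and ">" are written as
# UTF-7 sequences (+ADw- and +AD4-). The markup is an inert <b> tag.
SAMPLE_PATH = "/no-such-page+ADw-b+AD4-injected+ADw-/b+AD4-"

# Heuristic for a UTF-7 shifted run: "+", base64 characters, then "-".
UTF7_RUN = re.compile(r"\+[A-Za-z0-9+/]+-")


def render_error_page(path):
    """Hypothetical error page that reflects the path after HTML-escaping."""
    return "<html><body>Not found: " + html.escape(path) + "</body></html>"


def as_seen_by_utf7_sniffing_browser(body):
    """Decode the page the way a client would if it guessed UTF-7."""
    return body.encode("ascii").decode("utf-7")


def has_explicit_charset(content_type):
    """True if the Content-Type header pins a charset other than UTF-7."""
    m = re.search(r'charset\s*=\s*"?([\w-]+)', content_type, re.I)
    return bool(m) and m.group(1).lower() != "utf-7"


def audit(content_type, body):
    """Return findings for a response; empty when a charset is pinned."""
    if has_explicit_charset(content_type):
        return []
    findings = ["no-charset"]
    if UTF7_RUN.search(body):
        findings.append("utf7-run-in-body")
    return findings


if __name__ == "__main__":
    page = render_error_page(SAMPLE_PATH)
    print(page)                                    # escaping left +ADw- intact
    print(as_seen_by_utf7_sniffing_browser(page))  # markup appears after decode
    print(audit("text/html", page))
    print(audit("text/html; charset=UTF-8", page))
```

The UTF-7 pattern is a heuristic and can match ordinary text such as `a+b-`, so treat a hit as a prompt to confirm that the response declares its charset.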
Exactly bbfc,
mm/dd/yy is like doing the time mm/hh/ss
Americans, remember your roots :)
Score: 0
dd/mm/yyyy makes more sense than mm/dd/yyyy.
Bloody Americans! :p
Score: 0
And I must leap onto the MS bashing bandwagon!...
----- Link File Vulnerability -----
Found: Windows 95 (did 3.1 have links?)
Fixed (mostly): Windows XP SP2
That's only around a decade. Speedy performance, by comparison.
Score: 0
Interesting how that bandwagon didn't exist in this thread 'til you showed up.
How thoughtful of you.
Score: 0
--[ Discovery Date: 15/11/2005
--[ Initial Vendor Response: 15/11/2005
--[ Issue solved: 01/12/2005
Note, this is using that back-asswards UK date format of dd/mm/yyyy.
Found Nov. 15th.
Solved Dec. 1st.
Not bad...not bad at all.
Score: 0
back-asswards???
It's you that is back-asswards Jeez... :)
Score: 0
Sorry, I'll include the [humor] tag from now on for those of you a little slow to catch on.
Score: 0