March 29, 2011   Social Networking, Vulnerabilities, Vulnerabilities & attacks, Web Security   48 Comments

Beware of A New XSS on Facebook

New Cross-site scripting vulnerability has been detected on Facebook and widely exploited in the mobile API version, this vulnerability allows a malicious user to include JavaScript content into a website and redirect victim’s browser to the prepared URL.

I have already saw this flaw in the last few days, many of my friend list are posting some strange things on the wall and by Just visiting the infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user.

There is no user interaction required, so the messages are spreading through Facebook at a fast pace. Facebook’s security team has been notified about the vulnerability and is working on a fix. Hopefully it will be issued soon, since the attack seems easy to recreate.

Symantec advises users to log out of Facebook when they are not actively using it or to use script-blocking add-ons to prevent the attack.

make sure you subscribe to my RSS feed!

Related Posts:

Share
, ,
Subscribe
Notify of
guest
48 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

Beware of A New XSS on Facebook http://bit.ly/hJI6Pc

0
trackback

#Security #infosec Beware of A New XSS on Facebook: New Cross-site scripting vulnerability has been detected on … http://bit.ly/hJI6Pc

0
trackback

Beware of A New #XSS on #Facebook: New Cross-site scripting vulnerability has been detected… http://goo.gl/fb/6fabW

0
trackback

RT @sectechno: Beware of A New #XSS on #Facebook https://www.sectechno.com/2011/03/29/beware-of-a-new-xss-on-facebook/ #security #infosec

0
trackback

RT @MBenLakhoua: RT @sectechno: Beware of A New #XSS on #Facebook https://www.sectechno.com/2011/03/29/beware-of-a-new-xss-on-facebook/ # …

0
trackback

RT @sectechno: Beware of A New #XSS on #Facebook http://bit.ly/dH6RcG #security #infosec

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

@TheHackersNews can you add my link to your latest post? https://www.sectechno.com/2011/03/29/beware-of-a-new-xss-on-facebook/

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT: @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA <- that vulnerability just got fixed, not working anymore

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @darkoperator: Beware of A New XSS on Facebook http://bit.ly/hJI6Pc

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @sectechno: Beware of A New #XSS on #Facebook http://bit.ly/dH6RcG #security #infosec

0
trackback

RT @sectechno: Beware of A New #XSS on #Facebook http://bit.ly/dH6RcG #security #infosec

0
trackback

Beware Facebook peeps: http://t.co/TMZPfmj

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

Beware of A New XSS on Facebook http://bit.ly/fdk9so via @Security_FAQs

0
trackback

Beware of A New XSS on Facebook http://bit.ly/fdk9so

0
trackback

RT @sectechno: Beware of A New XSS on Facebook https://www.sectechno.com/2011/03/29/beware-of-a-new-xss-on-facebook/

0
trackback

RT @Security_FAQs: Beware of A New XSS on Facebook http://bit.ly/fdk9so

0
trackback

#security Beware of A New XSS on Facebook http://dlvr.it/LwFYp #infosec

0
trackback

Beware of A New XSS on Facebook #Facebook #XSS Vulnerability http://bit.ly/eegD17

0
trackback

Beware of A New XSS on Facebook: New Cross-site scripting vulnerability has been detected on Facebook and widely… http://bit.ly/hJI6Pc

0
trackback

RT @sectechno: Beware of A New #XSS on #Facebook http://bit.ly/dH6RcG #security #infosec

0
trackback

RT @sectechno: Beware of A New XSS on Facebook https://www.sectechno.com/2011/03/29/beware-of-a-new-xss-on-facebook/

0
trackback

RT @sectechno: Beware of A New XSS on Facebook https://www.sectechno.com/2011/03/29/beware-of-a-new-xss-on-facebook/

0
trackback

RT @Security_FAQs: Beware of A New XSS on Facebook http://bit.ly/fdk9so

0
trackback

Beware of A New XSS on Facebook | SecTechno: New Cross-site scripting vulnerability has been detected on Faceboo… http://bit.ly/hQrl24

0
trackback

RT @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA

0
trackback

[…] some of the best or most useful blog posts and articles I’ve read this week -Pentest BookmarksBeware of A New XSS on FacebookWhy Defense in Depth Will Never Be SufficientThe Secrets behind Spoofing and SpammingWhat’s […]

0