Beware of A New XSS on Facebook

A new cross-site scripting (XSS) vulnerability has been detected on Facebook and is being widely exploited in the mobile API version. The vulnerability allows a malicious user to include JavaScript content in a website and redirect the victim's browser to a prepared URL.

I have already seen this flaw in the last few days: many people on my friend list are posting strange things on the wall, and just visiting the infected website is enough to post a message that the attacker has chosen. Therefore it should be no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user.

There is no user interaction required, so the messages are spreading through Facebook at a fast pace. Facebook’s security team has been notified about the vulnerability and is working on a fix. Hopefully it will be issued soon, since the attack seems easy to recreate.

Symantec advises users to log out of Facebook when they are not actively using it or to use script-blocking add-ons to prevent the attack.

trackback

RT: @SocialMediaSec: Beware of A New XSS on Facebook http://bit.ly/efZIIA <- that vulnerability just got fixed, not working anymore
