Slashdot Mirror


Cross Site Scripting Discovered in Google

Security Test writes "Yair Amit posted a message early this morning to The Web Security Mailing List outlining a Cross Site Scripting flaw in Google that allows an attacker to carry out Phishing Attacks."

5 of 158 comments

  1. Hmm by omeg · Score: -1, Redundant

    Shouldn't they have waited for Google to create a fix for it before outlining this bug?

  2. Re:but this was resolved three weeks ago. by op12 · Score: 0, Redundant

    More like 11 months ago! :)

  3. Fixed by Anonymous Coward · Score: -1, Redundant

    --[ Discovery Date: 15/11/2005
    --[ Initial Vendor Response: 15/11/2005
    --[ Issue solved: 01/12/2005

    As the message says, the flaw was fixed on 1/12.

  4. No real news here by Silver+Sloth · Score: -1, Redundant

    Apart from mentioning the magic /. buzzword 'Google' - from TFA

    Websites from FBI.gov, CNN.com, Time.com, Ebay, Yahoo, Apple computer, Microsoft, Zdnet, Wired, and Newsbytes have all had one form or another of XSS bugs.

    so Google getting one is not exactly a major occurrence. TFA also mentions

    The author would like to commend the Google Security Team for their cooperation and communication regarding this vulnerability.

    So we can expect the hole to be repaired real soon now (and probably quicker than our friends from Seattle!)

    --
    init 11 - for when you need that edge.

  5. Re:but this was resolved three weeks ago. by minus_273 · Score: 0, Redundant

    "Google solved the aforementioned issues at 01/12/2005, by using character encoding enforcement"

    Actually, it looks like it was resolved almost a year ago. Why is this even news? Are we going to post old MS bug reports now?

    --
    The war with islam is a war on the beast
    The war on terror is a war for peace