GoogHOle Exploits GMail, Picasa and 200K Other Sites

Giorgio Maone writes "Multiple Google-targeted exploits disclosed in the past 3 days could compromise your GMail account, steal your pictures from Picasa or impersonate you on almost 200,000 big sites which outsourced their search engines (vulnerabilities included in the price). If even Google, a very reactive company when web security matters, does face this kind of problems, how serious is the threat and what can you do, as a "normal" web user, to protect yourself?"

If you run Firefox, install NoScript plugin

[elwinc]

According to the article, exploint uses Cross-site scripting, also known as XSS. There is a firefox plugin called NoScript that limits cross site scripts. The article points you to http://noscript.net/features#xss which describes the anti-XSS protection of noscript. The noscript pages suggests that you only load firefox plugins from addons.mozilla.org and sends you to https://addons.mozilla.org/en-US/firefox/addon/722 where you can download noscript.