Do you have a DEFCON group somewhere in the 406 area code?  Contact us for FREE web space to support your group. could be yours.  Plus, there's LOTS of stuff in the main site....c'mon in.

Tweetdeck Chrome Extension XSS Vulnerability

Tweetdeck Chrome Extension XSS Vulnerability


User Rating: / 7

AddThis Social Bookmark Button

Silly me.

I retweeted a funny tweet by @mikkohypponen at F-Secure about some javascript that had put in the X-VirusScan header of an email, and much to my surprise the javascript executed.

I tweeted the results of my discovery and Mikko had a hard time believing it, but after a couple of go arounds and some screenshots I was taken seriously.  Mikko notified the guys at Twitter and supposedly they have fixed it, but it still is working in my browser today.  Thus I discovered the 140 character, must retweet the message javascript XSS vuln in the Tweetdeck extension for Google Chrome ;)

Here is Mikko's blog entry over at F-Secure.

Back to work ;)



Comments (0)
Only registered users can write comments!