
Tweetdeck Chrome Extension XSS Vulnerability

Silly me.

I retweeted a funny tweet by @mikkohypponen at F-Secure about some JavaScript that had been put in the X-VirusScan header of an email, and much to my surprise the JavaScript executed.

I tweeted the results of my discovery and Mikko had a hard time believing it, but after a couple of go-arounds and some screenshots I was taken seriously. Mikko notified the guys at Twitter and supposedly they have fixed it, but it is still working in my browser today. Thus I discovered the 140-character, must-retweet-the-message JavaScript XSS vuln in the Tweetdeck extension for Google Chrome ;)

Here is Mikko's blog entry over at F-Secure.

http://www.f-secure.com/weblog/archives/00002167.html

Back to work ;)

 

 
