San Jose, California – (The Hosting News) – October 10, 2005 – Internet security firm, Finjan, informed Google last week of a dangerous cross site scripting
vulnerability on its website.
Limor Elbaz, Vice President of Business Development and Strategy with Finjan explained, ”The cross site scripting vulnerability could have allowed a remote attacker to take over victims’ Google Accounts, or fake the website’s content in order to deceive end users into downloading malicious content or providing personal and confidential information (known as ‘phishing’).”
Two http://www.google.com sub-sites contained forms which did not validate and filter input. Due to the lack of data validation and filtering, this vulnerability could have allowed an attacker to inject content and scripts which could allow him to steal the victim’s cookie. If the victim were to be logged-on to their Google Account at the time, the attacker, by virtue of having the victim’s cookie, could have gained access to some of the Google services like the victim’s personal account information, his/her saved searches, Froogle’s wish list, Google alerts, or even identify the user in the Google Groups.
The attacker might also have been able to change the content of the whole page, which would allow him to perform phishing attacks, or convince the user to download malicious files. In late September, Finjan’s Malicious Code Research Center (MCRC) provided Google with full technical details, including proof-of-concept, concerning the vulnerability in order to assist Google with the fix. Google worked quickly to complete the fix on its website, which is no longer exposed to this vulnerability.
The Malicious Code Research Center (MCRC) is the leading research department at Finjan Software, dedicated to the research and detection of security vulnerabilities in Internet and email applications as well as other popular applications. For further information, please visit: http://www.finjan.com/mcrc/.
Finjan Software is a leading provider of proactive, behavior-based secure content management solutions, protecting close to millions of users from known and unknown attacks, globally. For more information about Finjan and its proactive protection solutions against threats driven by mobile malicious code, please visit: http://www.finjan.com.