Facebook closes cross-site scripting holes
Code could be injected through (fake) custom locations Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security’s CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its “Check in” and Messenger for Windows components. In the Chat window, for example, attackers were able to share links that weren’t adequately checked by Facebook....