Whole Network Most Recent TOP10 AJAX E-Commerce Programming Security

« HP gets Ajax tools in its... | Main | Vulnerability reported in... »

JavaScript hijacking can hijack web browser session

Filed in archive Security by gautam on April 02, 2007

JavaScript vulnerability has been reported by Fortify which enables to hack IE or Mozilla web browser session. Dubbed as JavaScript hijacking the vulnerability can be exploited in Web 2.0 applications using AJAX or Microsoft Atlas or GWT and other open source tools. The security vendor has the specific attack code and along with an advice as to how the vulnerability can be corrected.

Brian Chess, Chief scientist, Fortify stated:

Fortify has identified JavaScript hijacking attack code to exploit the Microsoft browser as well, but is refraining from currently making that publicly available. We figured out how this attack is possible and we need to educate software developers on it.

The security vendor has recommended that all programs communicating using JavaScript should take defensive steps such as session identifiers as part of each request returning JavaScript. This would entirely defeat the purpose of forgery attacks. Check the advisory issued by Fortify out here.

Permalink: JavaScript hijacking can hijack web browser session
Tags: javascript hijacking java javascript vulnerability ajax javascript+hijacking browser+session

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/61253

Related Entries:

Werte aus Flash an PHP und JavaScript senden - 14 Januar 2007

Browser-Spion - 10 April 2007

Die besten Tutorials zu PHP, CSS, JavaScript, DHTML, AJAX... - 07 April 2007

Microsoft Examination of JavaScript Has Standards... - 12 November 2007

Skyfire Launches Mobile Browser with Flash, Ajax and Java... - 29 January 2008

JavaScript 测试：Firefox 3 性能大为提升 - 29 二月 2008

JavaScript-Browser-Weiche - 23 April 2008

Vote for JavaScript hijacking can hijack web browser session:

Currently 8.67/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.7 out of 3 vote(s) cast.

CW Toolbar
RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter

Advertisement - Book yours here.

Check out our Sponsored Blogs!
Creative Weblogging
The Mobile Technology Weblog
Web 2.0
BlogWealth
latest news from

Embedded OpenType and the W3C

Combining JavaScript and CSS for Performance

window.name meet dojox.io.windowName

Getting to know GWT JSNI; Including talking to GWT code from JavaScript

Defining the Open Web

Neat Firefox Video SVG Tricks

The Fight for Fantastic Fonts (or, Let’s Give Tahoma a Rest)

Pondering Support of IE6

WebMonkey’s Five Best Firebug Extensions

Increase DOM Node Insertion Performance

iPhone Native Apps vs. iPhone Web Apps

jQuery: Sparklines Plug-in

Firebug to get a boost

Lightweight Grid Control for jQuery

Reduce, Reuse, Recycle…. your code

Semantic Constructors

Radiohead + Open Data = JavaScript + Canvas Visualizations of their work

Defender of the Favicon

A tutorial on Prototype, Google Maps API and the HeatMapAPI

IEPNGFix 2: Now supports CSS background position and repeat

Get the Newsletter

Browser Plug-ins
Client-side Frameworks
Interaction Design/
Graphic Design/User Experience
JavaScript
Programming Techniques
Security
Server-side Frameworks

Advertisement -
Book yours here..

Our Editors recommend
Ajaxian
Bokardo
Bruce Eckel's Weblog
Daniweb
Java Posse
Joel on Software
Martin Fowler's Bliki
Mashable
Rick Hightower's Sleepless Night in Tucson
Service-Oriented Architecture
TechCrunch
techno.blog ("Dion")
Tinou's Work Blog
Tor Norbye's Weblog

Contributors (Last 90 days)
Gautam Chhabra (33)
This site has 616 entries and is powered by Creative Weblogging since September 2005.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Discover Java Entrepreneur on your cell phone! Simply type the URL of your favorite blog in your mobile browser.

Advertise with us
Learn more about our advertising options, visit our shop or give Sonja a call at +1 (650) 331 8047.
NEW you can also chat with us.

Security Cameras
Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped companies like Weblin and cellity reach their goals.
Would you like to reach millions of blog readers every day? See you banner on hundreds of blogs with TierOneAds? Stay in control measuring conversion in real time. Register now.
Would you like to make more money blogging? Use TierOneAds a new platform that allows you as a blogger to set your prices per impression. Register now.
Do you have a blog with more than 50k page views from the US? Let us market your blog and earn great fix payments and bonuses.

Would you like to see your text link here? Let us know!

Advertisement
Book yours here.

Testimonials
'Great looking blog. Good quality posts with useful information.'

Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..

Disclaimer
Some of the contents of this site are protected Creative Weblogging Ltd. 2004-2008.

Advertisement - Book yours here..

Add your response to JavaScript hijacking can hijack web browser session: Response from: anothr user One new subscriber from Anothr Alerts:cw1925@gmail.com
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to Java Entrepreneur newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Blog this at your site JavaScript hijacking can hijack web browser session:

Login*	Password*


Your blog system

Save your login data? (* Your login data are stored securely and encrypted)
Please enter a comment that will appear right after the post on your site:

Tell a friend about JavaScript hijacking can hijack web browser session
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

JavaScript hijacking can hijack web browser session

Filed in archive Security by gautam on April 02, 2007

Related Entries:

Vote for JavaScript hijacking can hijack web browser session:

Add your response to JavaScript hijacking can hijack web browser session:

Blog this at your site JavaScript hijacking can hijack web browser session:

Tell a friend about JavaScript hijacking can hijack web browser session

Check out our Sponsored Blogs!

latest news from

Our Editors recommend

Contributors (Last 90 days)

Categories

Archives

Advertise with us

Most popular

Testimonials

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Technology

Disclaimer

Find more recent entries from our other publications:

The VoIP Weblog

HackITLinux

The CIO Weblog

Nanotechbuzz

BlogWealth

On Storage