JavaScript hijacking can hijack web browser session
Filed in archive Security on April 2, 2007
JavaScript vulnerability has been reported by Fortify which enables to hack IE or Mozilla web browser session. Dubbed as JavaScript hijacking the vulnerability can be exploited in Web 2.0 applications using AJAX or Microsoft Atlas or GWT and other open source tools. The security vendor has the specific attack code and along with an advice as to how the vulnerability can be corrected.
Brian Chess, Chief scientist, Fortify stated:
Fortify has identified JavaScript hijacking attack code to exploit the Microsoft browser as well, but is refraining from currently making that publicly available. We figured out how this attack is possible and we need to educate software developers on it.
The security vendor has recommended that all programs communicating using JavaScript should take defensive steps such as session identifiers as part of each request returning JavaScript. This would entirely defeat the purpose of forgery attacks. Check the advisory issued by Fortify out here.

Tags: javascript hijacking java javascript vulnerability ajax javascript+hijacking browser+session
Vote for JavaScript hijacking can hijack web browser session:
|
Rating: 8.67 out of 3 vote(s) cast.
|
Response from:
anothr user
One new subscriber from Anothr Alerts:cw1925@gmail.com
| RSS | |
|
| |
| Yahoo! |
|
| Bloglines |
|
| Follow us on Twitter! |
Most Popular
AJAX
Application Development
Awards
Basics
Best of
Business
conference
Did you know
E-Commerce
Information About
Management
Misc
Mobile Devices
mobile phones
Monthly Contest
Personal
Programming
Quick introduction
Security
Service Oriented Architectures
