The hacker known as "longrifle0x" unveils other websites that contain serious flaws

Feb 1, 2012 15:23 GMT

Security researcher Ucha Gobejishvili, also known as longrifle0x, found cross-site scripting (XSS) vulnerabilities in another series of important websites, including java.com, developers.sun.com, java.sun.com, and nero.com.

The expert’s findings were submitted on January 27 to XSSed, a site that provides information on XSS attacks, and were disclosed a couple of days later. At the time of writing, the issues remain unresolved.

On the bright side, potential attacks using these flaws work only against users of Mozilla Firefox, including the recently released Firefox 10. The later versions of Internet Explorer and Google Chrome are designed to mitigate such attacks.

Unfortunately, there are plenty of Firefox users who may be targeted by cybercriminals using these security holes to launch attacks.

Hopefully, the companies involved will patch the affected domains to make sure their visitors are protected.