Solarbird (solarbird) wrote,

  • Mood:
  • Music:

Flash-based cross-scripting LJ security hole

As described in this post in News, there's a Flash-based cross-site scripting bug that edits the most recent post of any logged in user who views content containing the script. This journal's previous entry was affected - code embedding infected video was added to that post after I viewed an apparently-infected post on my friendslist. As a result, LJ staff have partially disabled embedding while they work on a better solution. So be aware of this, and check your most recent posts as described in this post in News. Youtube embeds aren't affected, and have already been re-whitelisted.
Tags: misc geeking
  • Post a new comment


    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded