The insanely successful Facebook game – CityVille by Zynga has more than 95 million active monthly users. An amazing figure, but are those users at risk of cross-site scripting attacks. If you not familiar with XSS, its a vulnerability in web applications, using this attacker can steal users’ information.
This is pretty alarming considering its connected to your Facebook account, the place that you’ve shared a lot of your personal data.
Internet Explorer 9 certainly thinks so, displaying the following information bar to users – “Internet Explorer has modified this page to help prevent cross-site scripting.”
If your a CityVille user and haven’t ever seen a message like this, that’s likely because your not using IE9. It is after all still in release candidate stage, so I wouldn’t expect many of the 95 million would be. Due to IE9’s improvements in security the cross-site-scripting vulnerability may have been there all along, but only picked up by new protections.
From the message, it suggests that IE9 actually modified the page (read removed the bad code), preventing it from running, so you should be safe.. assuming you’ve never used CityVille with anything else but IE9.
