Are 95 Million CityVille players at risk of cross-site scripting ?

The insanely successful Facebook game – CityVille by Zynga has more than 95 million active monthly users. An amazing figure, but are those users at risk of cross-site scripting...

image

The insanely successful Facebook game – CityVille by Zynga has more than 95 million active monthly users. An amazing figure, but are those users at risk of cross-site scripting attacks. If you not familiar with XSS, its a vulnerability in web applications, using this attacker can steal users’ information.

This is pretty alarming considering its connected to your Facebook account, the place that you’ve shared a lot of your personal data.

Internet Explorer 9 certainly thinks so, displaying the following information bar to users – “Internet Explorer has modified this page to help prevent cross-site scripting.”

CityVille cross-site scripting

If your a CityVille user and haven’t ever seen a message like this, that’s likely because your not using IE9. It is after all still in release candidate stage, so I wouldn’t expect many of the 95 million would be. Due to IE9’s improvements in security the cross-site-scripting vulnerability may have been there all along, but only picked up by new protections.

From the message, it suggests that IE9 actually modified the page (read removed the bad code), preventing it from running, so you should be safe.. assuming you’ve never used CityVille with anything else but IE9.

Categories
GamingSecurity

Creator of techAU, Jason has spent the dozen+ years covering technology in Australia and around the world. Bringing a background in multimedia and passion for technology to the job, Cartwright delivers detailed product reviews, event coverage and industry news on a daily basis.