XSS (cross-site scripting) vulnerability on avast.com website

Hello ppl, I am Methodman from teamelite group www.nemesis.te-home.net and I want to report a new XSS bug found right now on the avast website.

Vulnerable page:

http://www.avast.com/online-shop.php?backlink='"></title><script>alert(1337)</script>><marquee><h1>XSS</h1></marquee> 

or:

http://www.avast.com/online-shop.php?backlink="><script>alert(document.cookie)</script>

I see many other XSS reported to xssed.com but none were fixed. http://www.xssed.com/archive/domain=avast.com/special=1/ Anyway, for those who don't know, this XSS bug can be exploited by malicious people to conduct phishing attacks. This cross-site scripting issue might be leveraged by an attacker to steal cookie-based authentication credentials.

best regards /Methodman
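
An added example, not part of the original post and not avast's code: one way a PHP page could handle a reflected `backlink` parameter, assuming it is meant to hold a same-site relative path. The function names are hypothetical, and the last two sample inputs are constructed; the first two are the values quoted in the report above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: HTML-escape a value for element text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: accept "backlink" only if it is a same-site relative path.
// Assumption: the parameter is meant to carry a path such as /index.php?lang=en.
function safe_backlink(string $raw, string $default = '/'): string
{
    // Allow-list: one leading "/", path characters, optional simple query string.
    $ok = preg_match('#^/[A-Za-z0-9._~/-]*(\?[A-Za-z0-9._~=&%-]*)?$#D', $raw) === 1;
    // "//host/..." is protocol-relative and would point off-site.
    if (!$ok || strncmp($raw, '//', 2) === 0) {
        return $default;
    }
    return $raw;
}

// Validate first, then escape for the attribute context it is written into.
function render_back_link(string $raw): string
{
    return '<a href="' . h(safe_backlink($raw)) . '">Back to shop</a>';
}

// Sample inputs: the first two are the backlink values quoted in the report,
// the last two are constructed for this example.
$samples = [
    '\'"></title><script>alert(1337)</script>><marquee><h1>XSS</h1></marquee>',
    '"><script>alert(document.cookie)</script>',
    '/index.php?lang=en',
    '//example.org/',
];

foreach ($samples as $raw) {
    echo 'input:    ', $raw, PHP_EOL;
    echo 'escaped:  ', h($raw), PHP_EOL;   // inert if echoed as text or attribute value
    echo 'rendered: ', render_back_link($raw), PHP_EOL, PHP_EOL;
}
```

Setting the HttpOnly flag on session cookies additionally keeps them out of reach of `document.cookie`, which limits the cookie theft described in the report even if an escaping gap remains elsewhere.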

Thank you very much for your message; the mentioned problems were fixed and we are performing a deep website code review to prevent this from happening in the future. Again, thank you.


Welcome to the forums, Methodman. :)

It was very nice of you to point this out to the avast team.


Hi Methodman,

Welcome to a new specialist on the forums. Maybe you can keep us informed about cross-site scripting and iframe injection with malicious intent.
There is a very sinister and destructive file infector on the loose, a new strain of Virut aka Vitro; one of the infection vectors is through visiting websites that redirect to the malware. A script for webmasters to get rid of this iframe injection by David Barett can be found here:
http://www.cedit.biz/scripts/14-virusmalware-repair/25-repair-ziefpl-iframe-injection.html
If users are infected, as things stand the only way to get rid of it is the FFR solution, namely f-disk, format, re-install: http://community.ca.com/blogs/securityadvisor/archive/2009/02/09/infectious-virut-on-the-loose.aspx
Giorgio Maone, the developer of the NoScript add-on in the Firefox and Flock browsers, stated that if the site where the nefarious code resides is not whitelisted, this extension will protect us fully.
But I and many others here believe in full disclosure and that is why we invite you here to our forum with a hearty welcome,

polonus aka luntrus aka Damian