TTCSIRT-076.122717: TT-CSIRT Advisory – Google Security Updates
Google has released a security update warning customers that some of the files provided by third-party vendors through its advertising platform can introduce cross-site scripting (XSS) vulnerabilities.
Some of these vendors include:
a) adform/IFrameManager.html
b) admotion/afa-iframe.htm
c) bonzai/bonzaiBuster.html
d) exponential/buster.html
e) eyeblaster/addineyeV2.html
f) eyewonder/interim.html
g) flashtalking/ftlocal.html
h) ipinyou/py_buster.html
i) jivox/jivoxibuster.html
j) mediaplex/mojofb_v9.html
k) mixpo/framebust.html
l) predicta/predicta_bf.html
m) rockabox/rockabox_buster.html
n) liquidus/iframeX.htm
o) controbox/iframebuster.html
p) spongecell/spongecell-spongecellbuster.html
q) unicast/unicastIFD.html
r) adrime/adrime_burst.2.0.0.htm
s) revjet/revjet_buster.html
t) kpsule/iframebuster.html
Further information on this security update can be found on the Google Website at https://support.google.com/dfp_premium/answer/7622991 |