Moreover, it is not just the browser itself which may have an exploitable flaw, but also any of its many extensions. Most application vendors targeting consumers build browser extensions in an effort to improve the user experience and take advantage of the most popular activity ever: web browsing. This is further reinforced by the fact that UXSS also targets vulnerable browser add-ons or plugins and not just the browser itself.
Vulnerability in the Adobe Acrobat extension for Internet Explorer 6 (or Mozilla plugin): This is an old vulnerability; however, it is a good example of what can go wrong when using extensions that enable code to be executed. The bug in the PDF reader enabled attackers to execute scripts on the client side. Microsoft reacted by changing the characters that XSS filters remove. Consequently the attackers would have had access to copies of all emails received by a compromised Gmail account. Adobe has acknowledged the vulnerability in the security bulletin here.
Vulnerability in Chrome for Android: Mobile devices are no exception, and can become the targets of XSS attacks. Nevertheless, when a new vulnerability comes into play, the person or group discovering this vulnerability has the opportunity to either exploit it, thus enjoying long-term benefits of repeatedly exploiting such vulnerabilities; or report it and enjoy fewer benefits (if any).
Providers of web browsers are in a popularity contest, and in order to be on top, they need to implement numerous features over short periods of time.
XSS is a very commonly exploited vulnerability type that is widespread and easily detectable, and it is one of the important vulnerabilities in the OWASP Top 10. An attacker can inject untrusted snippets of JavaScript into your application if it does not validate them.