Blog for hpHosts, and whatever else I feel like writing about ....

Monday 3 August 2009

Avant Browser XSS vulnerability

A vulnerability has been found in Avant Browser that could result in malicious infections via XSS. This occurs because Avant Browser does not properly sanitize URLs, or content from URLs, loaded in browser:home.

The following documents this, and in the meantime, I'm trying to get hold of Anderson to get this resolved ASAP.

http://lostmon.blogspot.com/2009/07/avant-browser-browserhome-persistent.html
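
The class of fix this calls for, as an added example that is not code from Avant Browser or from the linked advisory: stored history values are encoded on output and only http(s) URLs become links. How browser:home actually builds its markup is not described here, so the record shape (`url`, `title`) and every function name below are assumptions.

```javascript
'use strict';
// Added illustration: a hypothetical start-page renderer, not Avant Browser code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only http(s) URLs become links; any other scheme, or an unparseable URL, yields null.
function safeHref(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (_) {
    return null;
  }
}

// Vulnerable pattern: history data concatenated straight into markup.
function renderEntryUnsafe(entry) {
  return '<li><a href="' + entry.url + '">' + entry.title + '</a></li>';
}

// Hardened: validate the scheme, then encode every stored value on output.
function renderEntrySafe(entry) {
  const label = escapeHtml(entry.title || entry.url);
  const href = safeHref(entry.url);
  if (href === null) {
    return '<li>' + label + '</li>'; // shown as inert text, never as a link
  }
  return '<li><a href="' + escapeHtml(href) + '">' + label + '</a></li>';
}

function renderHome(history) {
  return '<ul>' + history.map(renderEntrySafe).join('') + '</ul>';
}

// Constructed history records, including markup in both the URL and the title.
const sampleHistory = [
  { url: 'http://example.com/?q=a&b=1', title: 'Example <b>page</b>' },
  { url: 'http://example.com/"><script>alert(1)</script>', title: 'x' },
  { url: 'javascript:alert(1)', title: '<script>alert(1)</script>' },
];

console.log(renderHome(sampleHistory));
```
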


The only work-around for this at present is to delete your browsing history in Avant, and then in IE itself after closing Avant Browser. To do this, once Avant is closed:

1. Click Start > Control Panel
2. Click Internet Options
3. Click Delete

I'll update this entry as soon as I've heard from Anderson.

Kudos to SysAdMini for the heads up.

/edit 04-08-2009 02:11

I've spoken with Anderson Che, and he's going to fix this as a priority. I'll post back when the update is out.

/edit 11-08-2009

An update is now out that includes a fix for this. An update for Orca Browser will be out soon.

http://forum.avantbrowser.com/viewtopic.php?f=36&t=26280
