A nasty web bug has been discovered by researchers from Princeton University according to The Register.

The websites that were attacked include ING Direct which is a global financial services company and New York Times, a newspaper site.

Both Firefox and Internet Explorer browsers are affected. The author of the article notes that ING’s secure sockets layer protocol was not able to prevent the attack.

“The vulnerabilities in the websites are severe, demonstrating the pervasiveness and importance of CSRF protection,” said the CTO of White Hat Security. SSRF stands for cross-site request forgery. Two CSRF holes existed in YouTube and MetaFilter.

Source: The Register