Resolved question

Cross-Site Scripting, 3rd-party cookies

by alfadog67 - 12/30/13 3:55 PM

I'm having trouble understanding a couple of things, and this is the most resourceful place I can think of for answers.

1) Isn't cross-site scripting supposed to be a security issue? It seems that everyone is opposed to it because of javascript injection, and yet I see it all over the web - for instance, I'll go visit a page at www.example.com, and it will have javascript tags that point to someothersite.com. Can you help me to understand the differences between this and cross-site script?

2) Third-Party cookies are, so I thought, cookies that come from a site other than the one your browser is pointed to. For example when you visit www.example.com, they may have an image on their page that comes from someothersite.com, and which is trying to store a cookie on your browser. These cookies are the main source for tracking one's internet habits, right? So why, when I disable third-party cookies in my browser, are these still being propagated unless I install an add-on such as DonotTrackMe? Am I perhaps missing the mechanics of how these cookies are delivered? I have read many good privacy tracking articles, but I can't seem to make the connection between what I consider to be a third-party cookie and what my browser considers to be one.