Is SSL Useless Against XSS?

Once in a while I read articles and comments from people who claim SSL secures it all. How wrong can one be: SSL doesn't do anything to secure you. Others swear by two-factor authentication, and the ones who understand just laugh, because it doesn't help a thing if you are vulnerable to XSS. What? XSS can defeat SSL? Sure it can; that's why many are still so ignorant about XSS.

A small XSS vulnerability can render all your SSL precautions useless. The reason is actually very obvious, but somehow many can't grasp the idea that security is a process. Besides other serious exploits, or just JavaScript that is executed on an SSL-enabled host, we can also force the browser to exit the SSL connection and return to a normal, unencrypted connection.

So in combination with man-in-the-middle attacks, we can use JavaScript to give us a sniffable line. For the greater good, many online services allow us to switch from an SSL connection to a regular one, even if we are in the middle of authentication. So we can utilize this almost anywhere, from XSS holes to browser- or desktop-based malware that wants to sniff a connection.
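A defender can check whether a site leaves this downgrade path open by auditing the headers of its HTTPS responses. The following is an added example, not code from the original post: it flags a missing `Strict-Transport-Security` policy (which tells the browser to refuse plain-HTTP connections to the host) and session cookies lacking the `Secure` and `HttpOnly` attributes. The post does not name these headers; the input shape, finding labels and sample responses are assumptions constructed for illustration.

```javascript
// Added example: audit one HTTPS response for protections against the
// "drop out of SSL and sniff" scenario described above.
// Assumed input shape: { "lowercase-header-name": "value" | ["value", ...] }

function parseHstsMaxAge(value) {
  // Returns max-age in seconds, or null when the header is absent or malformed.
  if (typeof value !== "string") return null;
  const directives = value.split(";").map((d) => d.trim().toLowerCase());
  const maxAge = directives.find((d) => d.startsWith("max-age="));
  if (!maxAge) return null;
  const raw = maxAge.slice("max-age=".length).replace(/^"|"$/g, "");
  return /^\d+$/.test(raw) ? Number(raw) : null;
}

function parseSetCookie(line) {
  // "name=value; Attr; Attr=val" -> { name, attrs: Set of lowercase attribute names }
  const [pair, ...rest] = line.split(";");
  const name = pair.split("=")[0].trim();
  const attrs = new Set(rest.map((a) => a.split("=")[0].trim().toLowerCase()));
  return { name, attrs };
}

function auditResponseHeaders(headers) {
  const findings = [];
  const maxAge = parseHstsMaxAge(headers["strict-transport-security"]);
  if (maxAge === null) findings.push("hsts-missing");
  else if (maxAge === 0) findings.push("hsts-disabled"); // max-age=0 clears the policy
  const cookies = [].concat(headers["set-cookie"] || []);
  for (const { name, attrs } of cookies.map(parseSetCookie)) {
    // Without Secure, the cookie is also sent over a plain-HTTP connection.
    if (!attrs.has("secure")) findings.push(`cookie-not-secure:${name}`);
    // Without HttpOnly, injected script can read the cookie directly.
    if (!attrs.has("httponly")) findings.push(`cookie-script-readable:${name}`);
  }
  return findings;
}

// Constructed sample responses (not captured from any real site).
const weakResponse = {
  "set-cookie": ["SESSIONID=abc123; Path=/", "prefs=dark; Secure"],
};
const hardenedResponse = {
  "strict-transport-security": "max-age=31536000; includeSubDomains",
  "set-cookie": ["SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
};

console.log(auditResponseHeaders(weakResponse));
console.log(auditResponseHeaders(hardenedResponse));
```

A clean result only means the transport downgrade is harder; the XSS hole itself still has to be fixed, since injected script keeps running inside the encrypted page.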
