"JAR:" protocol vulnerability discovered in Firefox

A vulnerability that could be exploited to conduct cross-site scripting attacks and gain knowledge of sensitive information has been identified in Mozilla Firefox 2.0.0.9. The issue is caused by an input and origin validation error in the implementation of the "jar" protocol. By tricking a user into following a specially crafted link, an attacker could cause malicious script code to be executed by the user's browser in the security context of an arbitrary Web site. The vulnerability is due to same-origin and XSS issues when opening .JAR packages. The following file formats are known attack vectors: .zip, .doc, and .odt.

News source: Gnucitizen
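
For sites that host user uploads, one server-side check against this class of issue is to reject files that carry an archive with script-capable members, since the flaw lets content opened from a package run in the hosting site's security context. This is an added example, not code from the article or from Mozilla; the function names, suffix list, format list and sample data are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Member types a browser treats as active content (assumed list, extend as needed).
ACTIVE_SUFFIXES = (".html", ".htm", ".xhtml", ".svg", ".js")
# Upload types that are ZIP containers by design; other types should hold no archive.
ZIP_BASED = {".zip", ".odt"}

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accept, reason) for an uploaded file that the site would serve back."""
    buf = io.BytesIO(data)
    # is_zipfile() looks for the end-of-central-directory record near the end of
    # the data, so bytes placed in front of the archive do not hide it.
    if not zipfile.is_zipfile(buf):
        return True, "no archive structure"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ZIP_BASED:
        return False, f"{ext} upload carries a ZIP archive"
    try:
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False, "archive directory is malformed"
    active = [n for n in names if n.lower().endswith(ACTIVE_SUFFIXES)]
    if active:
        return False, "active content in archive: " + ", ".join(active)
    return True, "archive has no active members"

def make_zip(members: dict[str, str]) -> bytes:
    """Build a small in-memory archive (constructed sample data)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return out.getvalue()

if __name__ == "__main__":
    # Constructed samples: two .odt-style archives and two .doc-style byte strings.
    samples = {
        "report.odt": make_zip({"content.xml": "<doc/>"}),
        "notes.odt": make_zip({"content.xml": "<doc/>", "view.html": "<p>sample</p>"}),
        "letter.doc": b"constructed legacy document bytes",
        "memo.doc": b"constructed leading bytes" + make_zip({"a.txt": "sample"}),
    }
    for name, data in samples.items():
        print(name, check_upload(name, data))
```

An .odt file is a ZIP container by design, so the check inspects member names for that type instead of rejecting every archive.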


4 Comments


Yea, but is still one of the best/most customizable browsers around. All software has bugs; if it didn't, Microsoft would be adored by one and all.

They'll fix it, then another vulnerability found, and they'll fix that, and the game keeps going as long as there are malicious hackers in the world.

Fix soon? Are you kidding me? They cannot fix some little but critical bugs in 7 years.
Quoting from the article (did you read it?):

Nice find Pdp!
Even if you discovered it independently, in Bugzilla.Mozilla.org, the developers found this issue in February 2007 (with a p0c too)!