A vulnerability, which could be exploited to conduct cross site scripting attacks and gain knowledge of sensitive information, has been identified in Mozilla Firefox 220.127.116.11,. This issue is caused by an input and origin validation error in the implementation of the "jar" protocol, which could be exploited by attackers to cause malicious scripting code to be executed by a user's browser in the security context of an arbitrary Web site by tricking the user into following a specially crafted link. The vulnerability is due to same origin and XSS issues when opening .JAR packages. The following file formats are known attack vectors: .zip, .doc, and .odt.
News source: Gnucitizen