"JAR:" protocol vulnerability discovered in Firefox

A vulnerability that could be exploited to conduct cross-site scripting attacks and gain knowledge of sensitive information has been identified in Mozilla Firefox 2.0.0.9. The issue is caused by an input and origin validation error in the implementation of the "jar" protocol. Attackers could exploit it to cause malicious scripting code to be executed by a user's browser in the security context of an arbitrary Web site, by tricking the user into following a specially crafted link. The vulnerability is due to same origin and XSS issues when opening .JAR packages. The following file formats are known attack vectors: .zip, .doc, and .odt.
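A defensive check for sites that accept user-submitted markup, added here as an example (it is not from the article, Gnucitizen or Mozilla): it flags links that use the "jar:" scheme, reports which hosted file each one points into, and marks the file types the article names. The `jar:<url>!/<entry>` form is the scheme's standard syntax; the function names, sample markup and host names are constructed for illustration.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ARTICLE_VECTORS = {".zip", ".doc", ".odt"}  # file types named in the article

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        # Collect every non-empty href/src value, whatever the tag.
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def parse_jar_url(url):
    """Split jar:<inner-url>!/<entry>; return None for any other scheme."""
    # Browsers ignore tabs, newlines and surrounding whitespace in URLs.
    cleaned = re.sub(r"[\t\r\n]", "", url).strip()
    if cleaned[:4].lower() != "jar:":
        return None
    inner, _, entry = cleaned[4:].partition("!/")
    return inner, entry

def find_jar_links(html):
    """Return one finding per jar: link found in the markup."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parsed = parse_jar_url(url)
        if parsed is None:
            continue
        inner, entry = parsed
        ext = posixpath.splitext(urlsplit(inner).path)[1].lower()
        findings.append({"host": urlsplit(inner).hostname, "extension": ext,
                         "entry": entry, "named_vector": ext in ARTICLE_VECTORS})
    return findings

# Constructed sample: a user-submitted post containing mixed links.
SAMPLE_HTML = """
<a href="https://forum.example/thread/1">thread</a>
<a href="jar:https://uploads.example/files/report.odt!/index.html">report</a>
<a href=" JAR:https://uploads.example/a/b.zip!/x.htm">archive</a>
<img src="https://cdn.example/logo.png">
"""
```

A site that hosts uploads can run a check like this on posts and comments and reject or rewrite any link it flags, since ordinary Web content has no need for the "jar:" scheme.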

News source: Gnucitizen
