"JAR:" protocol vulnerability discovered in Firefox

A vulnerability, which could be exploited to conduct cross site scripting attacks and gain knowledge of sensitive information, has been identified in Mozilla Firefox 2.0.0.9,. This issue is caused by an input and origin validation error in the implementation of the "jar" protocol, which could be exploited by attackers to cause malicious scripting code to be executed by a user's browser in the security context of an arbitrary Web site by tricking the user into following a specially crafted link. The vulnerability is due to same origin and XSS issues when opening .JAR packages. The following file formats are known attack vectors: .zip, .doc, and .odt.

News source: Gnucitizen

Previous Story
Linux wins Nigerian school desktops back from Microsoft
Next Story
Samsung Stops Selling Most Products in Japan