Firefox "jar:url" exploit may be triggered via Google XSS vector
Hi
The (currently unpatched) jar:url problem with Firefox can be set off via Google, it seems.
(At time of posting) Secunia have the exploit as "less critical"; however, their workaround is to avoid clicking on "jar:url" links: http://secunia.com/advisories/27605/
...so I don't think they've (yet) realised that you can't really "avoid clicking" on these if they get cursed onto you via a Google 302 open redirect.
I'm not the world's expert in these matters, so I'm mentioning it here so that someone who knows what they are doing can better gauge the severity of the problem. To my limited comprehension, this looks potentially rather nasty (sneaky, easy to work, comes at you out of the blue, PoC is out, Google has plenty of 302's, Google's just one example...)
DESCRIPTION:
A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
The problem is that the "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).
SOLUTION:
Do not follow untrusted "jar:" links or browse untrusted websites.
PROVIDED AND/OR DISCOVERED BY:
Reported by Jesse Ruderman in a Bugzilla entry.
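Added example, not code from the post or the Secunia advisory: a server-side check that a site accepting user uploads could run to spot files a zip reader would open regardless of the extension they were uploaded under, i.e. the kind of file the jar: handler described above treats as an archive. The set of extensions treated as archives by design, and the sample inputs, are assumptions constructed for the example.

```python
"""Defensive upload check: flag files that a zip reader would open,
whatever extension or MIME type they were uploaded under (added example)."""
import io
import struct
import zipfile

ZIP_EOCD = b"PK\x05\x06"   # end-of-central-directory record signature
ZIP_CDIR = b"PK\x01\x02"   # central-directory file-header signature
ARCHIVE_EXTENSIONS = {"zip", "jar", "odt", "docx"}  # assumed: zip-based by design

def looks_like_zip(data: bytes) -> bool:
    """True if data ends in a well-formed ZIP trailer with its central directory
    in place. Everything is located relative to the trailer, so an archive glued
    behind a PNG header (a polyglot) is caught too. Zip64 is not handled."""
    # The EOCD is 22 bytes plus a comment of at most 65535 bytes, so it can
    # only appear in the final 64 KiB of the file.
    idx = data.rfind(ZIP_EOCD, max(0, len(data) - 22 - 65535))
    if idx == -1 or idx + 22 > len(data):
        return False
    _, _, _, entries, cd_size, _, comment_len = struct.unpack(
        "<4xHHHHIIH", data[idx:idx + 22])
    if idx + 22 + comment_len != len(data):  # trailer must end the file
        return False
    if entries == 0 or cd_size > idx:        # empty archive or bogus size
        return False
    cd_start = idx - cd_size                  # central directory precedes EOCD
    return data[cd_start:cd_start + 4] == ZIP_CDIR

def check_upload(filename: str, data: bytes) -> tuple:
    """Return (accepted, reason). Uploads that parse as a zip are rejected
    unless the declared extension is an archive format by design."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if looks_like_zip(data) and ext not in ARCHIVE_EXTENSIONS:
        return False, "zip structure inside a .%s upload" % ext
    return True, ""

def make_zip(member: str, payload: bytes) -> bytes:
    """Build a small in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()

# Constructed samples: a plain archive, the same archive behind a PNG
# signature and named .png, and an ordinary text note.
SAMPLE_ZIP = make_zip("page.html", b"<html><body>hi</body></html>")
SAMPLE_POLYGLOT = b"\x89PNG\r\n\x1a\n" + SAMPLE_ZIP
SAMPLE_TEXT = b"just some notes\n"
```

Running `check_upload("a.png", SAMPLE_POLYGLOT)` rejects the file while `check_upload("a.zip", SAMPLE_ZIP)` accepts it, so the check only affects uploads whose declared type should never be an archive.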