Firefox "jar:url" exploit may be triggered via Google XSS vector

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by Hugh Jarss, 2007/11/11.

  1. 2007/11/11
    Hugh Jarss Inactive Thread Starter

    Hi

    the (currently unpatched) jar:url problem with Firefox can be set off via Google it seems

    (at time of posting) Secunia have the exploit as a "less critical": however their workaround is to avoid clicking on "jar:url" links
    http://secunia.com/advisories/27605/

    ...so I don't think they've (yet) realised that you can't really "avoid clicking" on these if they get cursed onto you via a Google 302 open redirect

    I'm not the world's expert in these matters, so mentioning it here so that someone who knows what they are doing can better gauge the severity of the problem. To my limited comprehension, this looks potentially rather nasty (sneaky, easy to work, comes at you out of the blue, poc is out, Google has plenty of 302's, Google's just one example...)

    refs:
    http://isc.sans.org/diary.html
    http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues
    http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues

    (perhaps this should have gone to "general security" but FF appears to be the only browser affected)

    best wishes, HJ
     
    Last edited: 2007/11/11
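
An added example, not part of the original post: since the post's point is that a "jar:" link can arrive through a 302 redirect rather than a click, one defensive check is to scan proxy logs for 3xx responses whose Location header is a "jar:" URL. The log tuples and host names are constructed, and the `jar:<inner-url>!/<entry>` layout is the general form of the scheme.

```python
from urllib.parse import urlsplit

# Constructed sample: (status, requested URL, Location header) from a proxy log.
SAMPLE_LOG = [
    (302, "http://redirector.example/url?q=1", "http://news.example/story"),
    (302, "http://redirector.example/url?q=2", "jar:http://files.example/a.zip!/page.htm"),
    (200, "http://files.example/a.zip", ""),
    (301, "http://old.example/", "JAR:https://cdn.example/pack.jar!/index.html"),
    (302, "http://redirector.example/url?q=3", "jar:not-a-url"),
]

def parse_jar_url(url):
    """Split jar:<inner-url>!/<entry> into (inner_url, entry); None if not jar:."""
    if not url.lower().startswith("jar:"):
        return None
    inner, sep, entry = url[4:].partition("!/")
    return inner, (entry if sep else None)

def flag_jar_redirects(records):
    """Return one finding per 3xx response whose Location is a jar: URL."""
    findings = []
    for status, requested, location in records:
        if not 300 <= status < 400:
            continue  # only redirects can push the browser to a new URL
        parsed = parse_jar_url(location.strip())
        if parsed is None:
            continue
        inner, entry = parsed
        findings.append({
            "redirector": urlsplit(requested).hostname,
            "archive_host": urlsplit(inner).hostname,  # None if inner URL is malformed
            "entry": entry,                            # None if "!/" is missing
            "location": location,
        })
    return findings

if __name__ == "__main__":
    for finding in flag_jar_redirects(SAMPLE_LOG):
        print(finding)
```
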
  2. 2007/11/12
    Hugh Jarss Inactive Thread Starter

    a comment to SANS suggests the "noscript" firefox add-on, which can act against this type of attack - I've just installed it

    stay safe & best wishes, HJ

    ==

    **edit**
    pls use the link below for the SANS article, rather than the one given in post #1 (unfortunately the time to edit that post has expired)

    ...using the link below will take you to the correct diary (rather than to "today's" diary):
    http://isc.sans.org/diary.html?date=2007-11-11

    BTW, that "noscript" add-on is truly wonderful :)
     
    Last edited: 2007/11/12

  4. 2007/11/24
    Ramona Geek Member Alumni

    Hugh,

    Thanks very much for posting this security vulnerability! Following is what the Secunia Advisory stated:

    TITLE:
    Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting Security Issue
     
  5. 2007/11/27
    mailman Lifetime Subscription

    mailman Geek Member

