funsec mailing list archives
Re: JAR: protocol vulnerability in Firefox, word processor applications reported
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 15 Nov 2007 02:06:36 +0200 (EET)
I have probably missed sharing information about the role of open redirects and Google related to this issue.

References:

10th Nov
http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues

12th Nov
http://blogs.securiteam.com/index.php/archives/1035

It appears that the jarjarbinks.htm PoC-type link listed at http://blog.beford.org/?p=8 doesn't work any more. Probably Google has fixed the vulnerability now? Mozilla is still working on it.

- Juha-Matti

Reed Loden <reed () reedloden com> wrote:
On Fri, 9 Nov 2007 02:37:01 +0200 (EET)
Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:

> The issue was originally reported in Bugzilla document #369814 by
> Jesse Ruderman of Mozilla community, i.e. it's worth mentioning
> that Mozilla security group is aware of the vulnerability.

That's https://bugzilla.mozilla.org/show_bug.cgi?id=369814 for anybody who would like to CC themselves or read over current activity regarding the bug.

~reed

--
Reed Loden - <reed () reedloden com>