Re: JAR: protocol vulnerability in Firefox, word processor applications reported

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

I have probably missed to share information about the role of open redirects and Google related to this issue.

References:
10th Nov
http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues

12th Nov
http://blogs.securiteam.com/index.php/archives/1035

It appears that the jarjarbinks.htm PoC-type link listed at
http://blog.beford.org/?p=8

doesn't work any more. Probably Google has fixed the vulnerability now?

Mozilla is still working on it.

- Juha-Matti

Reed Loden <reed () reedloden com> kirjoitti: 
> On Fri, 9 Nov 2007 02:37:01 +0200 (EET)
> Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
>
> > The issue was originally reported in Bugzilla document #369814 by
> > Jesse Ruderman of Mozilla community, i.e. it's worth of mentioning
> > that Mozilla security group is aware of the vulnerability.
>
> That's https://bugzilla.mozilla.org/show_bug.cgi?id=369814 for anybody
> who would like to CC themselves or read over current activity
> regarding the bug.
>
> ~reed
>
> --
> Reed Loden - <reed () reedloden com>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.