
Firefox vulnerability affects Gmail

Secunia has reported a security issue in Mozilla Firefox which involves the way Firefox handles the "jar:" protocol.

This can be exploited by malicious people to conduct cross-site scripting attacks, and the only way to avoid being compromised is not to follow non-trusted "jar:" links or browse non-trusted websites.

The GNUcitizen blog adds that the "jar: content run within the scope/origin of the secondary URL. Therefore, a URL like this: jar:https://example.com/test.jar!/t.htm, will render a page which executes within the origin

GNUcitizen also showed a proof-of-concept demo which illustrates how a Gmail user's contact book might be compromised and ransacked using the approach.

Intriguingly, though, this issue was added as an extension to an existing bug on Mozilla's dedicated bug-squashing website.

Softpedia provided a quick way of avoiding being compromised: just install the NoScript extension, which would allow Firefox users to disable scripts on certain websites.
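The advice above, not following non-trusted "jar:" links, can be checked mechanically. The sketch below is an added example, not code from Secunia, GNUcitizen or Mozilla: it extracts the secondary (archive) URL from each "jar:" link in a page and flags those whose origin is not on an allowlist. The allowlist, the sample markup and the unwrapping of nested "jar:" prefixes are assumptions made for illustration.

```javascript
// Added example: flag jar: links whose archive URL is served from a non-trusted origin.
// TRUSTED_ORIGINS and SAMPLE_HTML are constructed for illustration.
const TRUSTED_ORIGINS = new Set(["https://intranet.example"]);

const SAMPLE_HTML = `
<a href="jar:https://example.com/test.jar!/t.htm">report</a>
<a href="jar:https://intranet.example/docs.jar!/index.htm">docs</a>
<a href="https://example.com/plain.htm">plain</a>
<iframe src="JAR:jar:http://files.example/a.jar!/b.jar!/c.htm"></iframe>`;

// Returns the origin of the archive URL inside "jar:<archive-url>!/<entry>",
// undefined if the link is not a jar: link, or null if the archive URL
// cannot be parsed or has no usable origin (e.g. file:, data:).
function jarArchiveOrigin(link) {
  let url = link.trim();
  if (!/^jar:/i.test(url)) return undefined;
  // Assumption: jar: prefixes may be nested, so peel one layer per pass.
  while (/^jar:/i.test(url)) {
    url = url.slice(4);
    const sep = url.lastIndexOf("!/"); // separator between archive and entry
    if (sep !== -1) url = url.slice(0, sep);
  }
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// Scans href/src attributes and returns every jar: link that is not trusted.
// Links with an unparseable archive URL are flagged as well.
function flagJarLinks(html, trusted = TRUSTED_ORIGINS) {
  const flagged = [];
  const attr = /(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  for (const match of html.matchAll(attr)) {
    const origin = jarArchiveOrigin(match[1]);
    if (origin === undefined) continue;          // ordinary link
    if (origin !== null && trusted.has(origin)) continue;
    flagged.push({ link: match[1], origin });
  }
  return flagged;
}

for (const f of flagJarLinks(SAMPLE_HTML)) {
  console.log(`non-trusted jar: link (${f.origin}): ${f.link}`);
}
```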

Désiré Athow
Contributor
