In association with heise online

20 November 2007, 15:57

Mozilla Foundation to close XSS hole in Firefox


The recently identified vulnerability in Firefox's implementation of the 'jar' protocol appears to offer greater potential for misuse than previously assumed. The hole can be exploited to obtain logon credentials by tricking specific defence mechanisms or filters that protect against cross-site scripting and active content on websites such as MySpace. It had previously been claimed that this would be possible only if zip or other archives containing specially doctored content were stored on web servers visited by victims.

According to the developers, the attacks can also be launched through redirects, allowing attackers to store the crafted archives on any server. To execute the archive, it is only necessary for the redirect to be embedded in the HTML code or to use services such as Gmail, which offer redirects within a URL. A proof of concept from the Firefox developers demonstrates these issues in an attack against Google Mail that is able to access all of a victim's contacts. The developers intend to fix the problem in Firefox 2.0.0.10 by having the browser validate the MIME type of the contents of the archive. Version 2.0.0.10 is currently undergoing a range of tests.
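The MIME-type validation described above, modelled as an added example (not Firefox code and not taken from the article). The accepted archive types, the shape of the `response` object and the `example` host names are assumptions made for illustration.

```javascript
// Added example: models a MIME-type gate for jar: loads. Not Firefox source code.
// ASSUMPTION: the accepted archive types; the article does not list them.
const ARCHIVE_TYPES = new Set(["application/java-archive", "application/x-jar"]);

// Split "jar:<inner-url>!/<entry>" into its parts; null if not a well-formed jar: URL.
function parseJarUrl(url) {
  if (!/^jar:/i.test(url)) return null;
  const rest = url.slice(4);
  const sep = rest.indexOf("!/");
  if (sep === -1) return null;
  let inner;
  try {
    inner = new URL(rest.slice(0, sep));
  } catch {
    return null; // inner part is not an absolute URL
  }
  return { inner, entry: rest.slice(sep + 2) };
}

// Normalise a Content-Type header value: drop parameters, lower-case.
function mediaType(header) {
  return (header || "").split(";")[0].trim().toLowerCase();
}

// Decide whether the archive fetched for a jar: URL may be opened.
// `response` is a hypothetical stand-in for the final response after any
// redirects: { finalUrl, contentType }.
function checkJarLoad(jarUrl, response) {
  const parsed = parseJarUrl(jarUrl);
  if (!parsed) return { allow: false, redirected: false, reason: "not a well-formed jar: URL" };
  const type = mediaType(response.contentType);
  // Flag loads where a redirect moved the archive to a different origin.
  const redirected = new URL(response.finalUrl).origin !== parsed.inner.origin;
  if (!ARCHIVE_TYPES.has(type)) {
    return { allow: false, redirected, reason: `served as "${type || "unknown"}"` };
  }
  return { allow: true, redirected, reason: "archive MIME type" };
}

// Constructed sample cases (hosts and paths are made up).
const SAMPLES = [
  ["jar:https://social.example/uploads/avatar.png!/index.html",
    { finalUrl: "https://social.example/uploads/avatar.png", contentType: "image/png" }],
  ["jar:https://mail.example/go?u=x!/p.html",
    { finalUrl: "https://files.example/a.zip", contentType: "application/zip" }],
  ["jar:https://apps.example/app.jar!/main.html",
    { finalUrl: "https://apps.example/app.jar", contentType: "application/java-archive" }],
];
for (const [url, res] of SAMPLES) console.log(url, checkJarLoad(url, res));
```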

(mba)
