Tuesday, November 13, 2007 11:13 AM
cmosby
Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting Security Issue - Advisories - Secunia
Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting Security Issue
Secunia Advisory:
SA27605
Release Date:
2007-11-09
Critical:
Less critical
Impact:
Cross Site Scripting
Where:
From remote
Solution Status:
Unpatched
Software:
Mozilla Firefox 2.0.x
Description:
A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
The problem is that the "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).
Solution:
Do not follow untrusted "jar:" links or browse untrusted websites.
Provided and/or discovered by:
Reported by Jesse Ruderman in a Bugzilla entry.
Independently discovered by pdp.
Original Advisory:
Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
GNUCITIZEN:
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
Other References:
US-CERT VU#715737:
http://www.kb.cert.org/vuls/id/715737
Source: Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting Security Issue - Advisories - Secunia
Filed under: Browser Wars, Firefox, Security