Vulnerability Note VU#715737
Mozilla-based browsers jar: URI cross-site scripting vulnerability
Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks.
The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar: URIs that are of the form jar:[url]![/path/to/file.ext]. The compressed file does not need to have a .zip extension.
From the GNUCITIZEN blog:
To successfully exploit this vulnerability, an attacker could place or link to a specially crafted archive file on a site and convince the user to open the file with a Mozilla based browser. An attacker could use sites that allow user-submitted content distribute malicious archived files.
This vulnerability may allow an attacker to execute cross-site scripting attacks on sites that allow users to upload pictures, archives, or other files.
This vulnerability is addressed in Mozilla Firefox 18.104.22.168: From MFSA 2007-37:
Workarounds for website administrators
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Affected||11 Nov 2007||11 Nov 2007|
|Mozilla||Affected||-||27 Nov 2007|
CVSS Metrics (Learn More)
This vulnerability was disclosed by PDP on the GNUCITIZEN website.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-5947
- Date Public: 07 Nov 2007
- Date First Published: 08 Nov 2007
- Date Last Updated: 20 Nov 2008
- Severity Metric: 29.53
- Document Revision: 36
If you have feedback, comments, or additional information about this vulnerability, please send us email.