Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks.
The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar: URIs that are of the form jar:[url]![/path/to/file.ext]. The compressed file does not need to have a .zip extension.
From the GNUCITIZEN blog:
This vulnerability may allow an attacker to execute cross-site scripting attacks on sites that allow users to upload pictures, archives, or other files.
This vulnerability is addressed in Mozilla Firefox 184.108.40.206: From MFSA 2007-37:
Workarounds for network administrators and users
Workarounds for website administrators
This vulnerability was disclosed by PDP on the GNUCITIZEN website.
This document was written by Ryan Giobbi.
|Date First Published:||2007-11-08|
|Date Last Updated:||2008-11-20 16:16 UTC|