New, unpatched JAR: protocol vulnerability, reported originally in Firefox 2.0.0.9 and word processor applications, affects Google too. Web sites using so-called open redirects are vulnerable.
The vulnerability was reported by Petko D Petkov (aka pdp) familiar with Acrobat and Gmail vulnerabilities etc.
Severe XSS in Google and Others due to JAR protocol issues: gnucitizen.org/blog/severe-xss ...
The following Beford.org blog entry demonstrates the issue (spaces added to prevent hyperlink):
beford.org/stuff/jarjarbinks . htm
redirecting to jar: groups . google . com/searchhistory... type URL.
Background information – The JAR vulnerability entry from 7th Nov: gnucitizen.org/blog/web-mayhem ...
Vulnerabilities on Google's domain were reported during the weekend.
When testing the link mentioned (FF on Mac), Google is still vulnerable. I have confirmed on Saturday (UTC) that the Google security team is aware. |
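The first post names the ingredient that makes the JAR: issue exploitable on a site that does not itself host the archive: an open redirect that forwards to whatever URL it is handed. The usual server-side mitigation is to validate the redirect target before issuing the 302, allowing only relative paths or absolute URLs on an allowlisted host and a normal web scheme. The following is an added example written for this thread, not code from any poster, from Google or from Mozilla; the allowed hosts and the sample targets are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for the application doing the redirecting.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def is_safe_redirect_target(target: str) -> bool:
    """Return True only if `target` is a same-site path or an allowlisted
    http(s) URL. Anything else (jar:, javascript:, data:, other hosts,
    protocol-relative or backslash-prefixed paths) is rejected."""
    target = target.strip()
    if not target:
        return False

    parts = urlsplit(target)

    # Absolute URL with an explicit scheme: urlsplit lowercases the
    # scheme, so "JAR:" and "jar:" are both caught here.
    if parts.scheme:
        if parts.scheme not in ALLOWED_SCHEMES:
            return False
        # Reject userinfo tricks such as https://example.com@evil.example/
        if parts.username is not None or parts.password is not None:
            return False
        return parts.hostname in ALLOWED_HOSTS

    # No scheme: only accept a plain same-origin path.  "//host/x" is a
    # protocol-relative URL (netloc set), and browsers treat a backslash
    # after the leading slash as another slash, so both are refused.
    if parts.netloc or not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target:
        return False
    return True


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Value to put in the Location header: the requested target if it
    passes validation, otherwise a fixed fallback path."""
    return target.strip() if is_safe_redirect_target(target) else fallback


if __name__ == "__main__":
    # Constructed sample inputs mimicking what a redirect endpoint may receive.
    samples = [
        "/account/settings",
        "https://www.example.com/inbox",
        "jar:https://www.example.com/upload/evil.jar!/page.html",
        "JAR:https://www.example.com/upload/evil.jar!/page.html",
        "//evil.example/x",
        "https://example.com@evil.example/",
        "/\\evil.example",
    ]
    for s in samples:
        print(f"{s!r:60} -> {safe_redirect_target(s)}")
```

The point of checking the parsed scheme rather than searching the string for "jar:" is that the same check covers every non-web scheme at once, and the allowlist on hostname (after userinfo is rejected) keeps the endpoint from being a general-purpose forwarder.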
Mozilla has shared information about the upcoming Firefox 2.0.10 patch here: blog.mozilla.com/security/2007 ... |
It appears that the "jarjarbinks.htm" Proof-of-Concept type link listed at blog.beford.org/?p=8
doesn't work any more. Probably Google has fixed the vulnerability now?
It didn't work on Wednesday 14th Oct when I tested it, but I failed to make a forum post :( |
Ooops, when tested on Wednesday 14th _Nov_ – this week! |
Updated information, delivered to me by the author of the Beford blog:
When entering the "jarjarbinks.htm" link manually into the browser (i.e. Copy Link Location with the right mouse button), the link still works. It appears that after two weeks Google hasn't fixed this yet!
[link mentioned in previous posts] |
And the new Firefox 2.0.0.10 includes a fix now: mozilla.org/security/announce/ ... |