New, unpatched JAR: protocol vulnerability reported originally in Firefox 2.0.0.9 and word processor applications affects Google too. Web sites using so-called open redirects are vulnerable.
The vulnerability was reported by Petko D Petkov (aka pdp) familiar with Acrobat and Gmail vulnerabilities etc.
Severe XSS in Google and Others due to JAR protocol issues: http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues
The following Beford.org blog entry demonstrates the issue (spaces added to prevent hyperlink):
http://beford.org/stuff/jarjarbinks . htm
redirecting to a jar:http://groups . google . com/searchhistory... type URL.
Background information – The JAR vulnerability entry from 7th Nov: http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
Vulnerabilities on Google's domain were reported during the weekend.
When testing the link mentioned (FF on Mac), Google is still vulnerable. I have confirmed on Saturday (UTC) that Google's security team is aware. |
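As an added defensive example (not code from this thread or from the researchers named above): a redirect-target validator of the kind that closes the open redirect the jar: trick relies on, refusing any target that is not a same-site path or an allowlisted http/https host. The host names and site origin are constructed placeholders.

```python
from typing import Optional
from urllib.parse import urlparse, urljoin

# Constructed allowlist for the example; a real deployment lists its own domains.
ALLOWED_HOSTS = {"www.example.com", "groups.example.com"}
SITE_ORIGIN = "https://www.example.com"


def resolve_redirect(target: str) -> Optional[str]:
    """Return the absolute URL to put in the Location header, or None to refuse.

    An open redirect (any value accepted) lets a trusted host front arbitrary
    content; the jar: issue abused exactly that to serve an attacker-hosted
    archive under a trusted origin. Only same-site paths and allowlisted
    http/https hosts get through.
    """
    if not target or any(c in target for c in "\r\n\x00"):
        return None  # empty target or header-injection characters
    parsed = urlparse(target)
    # Relative path: must start with a single '/' (not '//host' or '/\host',
    # which browsers treat as scheme-relative URLs to another host).
    if not parsed.scheme and not parsed.netloc:
        if target.startswith("/") and not target.startswith(("//", "/\\")):
            return urljoin(SITE_ORIGIN, target)
        return None
    if parsed.scheme not in ("http", "https"):
        return None  # rejects jar:, javascript:, data: and friends
    host = (parsed.hostname or "").lower()  # hostname strips user@ prefixes
    if host not in ALLOWED_HOSTS:
        return None
    return target
```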
Mozilla has shared information about the upcoming Firefox 2.0.10 patch here: http://blog.mozilla.com/security/2007/11/16/jar-protocol-xss-security-issues/ |
It appears that the "jarjarbinks.htm" Proof-of-Concept type link listed at http://blog.beford.org/?p=8
doesn't work any more. Probably Google has fixed the vulnerability now?
It didn't work on Wednesday 14th Oct when I tested it, but I missed making a forum post :( |
Ooops, when tested on Wednesday 14th _Nov_ – this week! |
Updated information, delivered to me by the author of the Beford blog:
When entering the "jarjarbinks.htm" link manually into the browser (i.e. Copy Link Location with the right mouse button), the link still works. It appears that after two weeks Google hasn't fixed this yet!
[link mentioned in previous posts]
|
And the new Firefox 2.0.0.10 includes a fix now: http://www.mozilla.org/security/announce/2007/mfsa2007-37.html |