Firefox "Cross site scripting" vulnerability discovered

A vulnerability, which could be exploited to conduct cross site scripting attacks and gain knowledge of sensitive information, has been identified in Mozilla Firefox 2.0.0.9,. This issue is caused by an input and origin validation error in the implementation of the "jar" protocol, which could be exploited by attackers to cause malicious scripting code to […]

A vulnerability, which could be exploited to conduct cross site scripting attacks and gain knowledge of sensitive information, has been identified in Mozilla Firefox 2.0.0.9,. This issue is caused by an input and origin validation error in the implementation of the "jar" protocol, which could be exploited by attackers to cause malicious scripting code to be executed by a user's browser in the security context of an arbitrary Web site by tricking the user into following a specially crafted link. The vulnerability is due to same origin and XSS issues when opening .JAR packages. The following file formats are known attack vectors: .zip, .doc, and .odt.

Gnucitizen

Firefox, Secuirty, Vulnerability, Exploit, Bug, Browser

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.