diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Firefox exploit caused Google Accounts hacking

Google user accounts are vulnerable to cross-site scripting attacks through a dangerous Firefox exploit, which is still in the wild some 10 days after its discovery. A client or server-side exploit can be inserted into .zip files via open document formats from Microsoft Office 2007 and OpenOffice, and uploaded to a server where the Firefox JAR protocol extracts the compressed data. Affected platforms range from Web mail clients, collaboration and document sharing systems and other Web 2.0 applications from large software vendors. Users can download a NoScript add-on for Firefox to block JavaScript and executable content from untrusted Web sites, and can secure their Google accounts by remaining signed out whenever possible.

The reason Google accounts, including Gmail, can be targeted more easily is because of a 302 redirect error in Google, discovered by bedford.org’s Morgan Lowtech, which creates a domain-wide cross-site scripting attack. This allows hackers to gain access and modify Google user accounts including e-mails, contact lists and online presence. While Mozilla has not issued a solution to the problem, application firewalls and proxy servers can be used to block Windows Universal Resource Identifiers (URIs) that contain the JAR protocol, while Web administrators can use a reverse proxy to prevent malicious content from being uploaded.

PC World

Google, Gmail, Firefox, Vulnerability, Exploit, Mozilla, Hacking

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...