Mozilla to fix 9-month-old JAR URL handling bug

Posted by Scott_Ruecker on Nov 19, 2007 8:18 PM EDT
eWEEK Linux; By Lisa Vaas 		Mail this story
Print this story

The XSS flaw, found in the Firefox JAR URL handler, is a problem child endemic to just about anything Web 2.0. Mozilla is working to fix a flaw in the JAR URL handler that could leave Firefox users open to cross-site scripting attacks that are impossible for anti-virus programs to prevent. It turns out that the vulnerability, first reported in February by Jesse Ruderman, is far more serious than first realized. In fact, it turns out to be endemic to "almost everything that smells like Web 2.0," security researcher Petko D. Petkov, also known as "pdp" of GNUCitizen, wrote in a Nov. 7 posting.

Full Story

  Nav
» Read more about: Story Type: News Story; Groups: Mozilla

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.