InformationWeek 21/11/2007
Website: http://www.informationweek.com
Even as Firefox 3 moves into beta, Firefox 2 is getting a security makeover.
Firefox 2.0.0.10 addresses a Java Archive handling bug that was first reported back in February. The vulnerability allows a malicious attacker to conduct a cross-site scripting attack by hiding exploit code in a Java Archive (.jar) file. This is because the .jar protocol is not restricted to .jar files and will open .zip files, which can be malicious.
"In simple terms, [this] means that any application which allows upload of .jar/.zip files is potentially vulnerable to a persistent cross-site scripting," said Petko Petkov, founder of security consultancy gnucitizen.org, in blog post earlier this month. "Potential targets for this attack include applications such as Web mail clients, collaboration systems, document sharing systems, almost everything that smells like Web 2.0, etc., etc., etc."
The browser update also addresses a redirection bug related to .jar/.zip files.
The Mozilla Security Blog notes that this exploit has been demonstrated to work against Gmail as a way to access the victim's stored contacts.
"In future versions Firefox will only support the jar scheme for files that are served with the correct application/java-archive MIME type," says the Mozilla Security Blog. "Firefox will also adjust the security context to recognize the final site as the source of the content. This will be addressed in Firefox 2.0.0.10, which is currently in testing."
No comments:
Post a Comment