Internet Storm Center

SANS Network Security: Las Vegas Sept 4-9.

Handler on Duty: Renato Marinho

Threat Level: green

Google XSS

Published: 2007-11-11. Last Updated: 2007-11-11 23:46:11 UTC
by Marcus Sachs (Version: 1)

Juha-Matti reminded us of a new Google cross-site scripting issue related to a recent JAR: protocol vulnerability in Firefox that was reported by Petko D Petkov on Saturday:

http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues

References:

http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues

http://www.securityfocus.com/bid/26385

http://secunia.com/advisories/27605/

http://www.kb.cert.org/vuls/id/715737

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords:

Comments

NoScript add-on has a new feature in V. 1.1.8 "JAR Jammer" that seems to designed to mitigate this exploit

Login here to join the discussion.

Diary Archives