
SANS ISC: Google XSS SANS ISC InfoSec Forums

Google XSS

Juha-Matti reminded us of a new Google cross-site scripting issue related to a recent JAR: protocol vulnerability in Firefox that was reported by Petko D Petkov on Saturday:

http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues

References:

http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues

http://www.securityfocus.com/bid/26385

http://secunia.com/advisories/27605/

http://www.kb.cert.org/vuls/id/715737

Marcus H. Sachs
Director, SANS Internet Storm Center

NoScript add-on has a new feature in V. 1.1.8 "JAR Jammer" that seems to be designed to mitigate this exploit.
Anonymous
