Thumb twiddling Mozilla promises fix for privacy-biting bug

Tuesday, 20 November 2007, 5:15 AM EST

Mozilla's head of security has promised a patch for a dangerous vulnerability that's been lurking in the popular Firefox browser for more than eight months.

The new urgency in fixing the jar: protocol handler comes after bloggers in recent weeks demonstrated how the vulnerability could wreak real-world havoc, including allowing attackers to steal a victim's Gmail contacts. Short for Java Archive, the jar: protocol is used to compress Java classes and other types of files into a single file. Problem is, the protocol will open any zip-formatted file without first validating the MIME type of the archived contents. Malicious content is then run in the context of a trusted site.

At The Register.

[ Read more ]




Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //