Thumb twiddling Mozilla promises fix for privacy-biting bug

Tuesday, 20 November 2007, 5:15 AM EST

Mozilla's head of security has promised a patch for a dangerous vulnerability that's been lurking in the popular Firefox browser for more than eight months.

The new urgency in fixing the jar: protocol handler comes after bloggers in recent weeks demonstrated how the vulnerability could wreak real-world havoc, including allowing attackers to steal a victim's Gmail contacts. Short for Java Archive, the jar: protocol is used to compress Java classes and other types of files into a single file. Problem is, the protocol will open any zip-formatted file without first validating the MIME type of the archived contents. Malicious content is then run in the context of a trusted site.

At The Register.

[ Read more ]




Spotlight

Keeping passwords safe from cracking

A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, May 22nd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //