back to article Firefox broken Jar vuln. menaces Gmail

Security watchers are concerned that a protocol handling flaw in Firefox could have implications for the security of data held within Google and, possibly, other web applications. The flaw, involving the handling of the "jar:" protocol by Firefox, gives rise to cross-site scripting attacks. No patch is available through there …

COMMENTS

This topic is closed for new posts.
  1. Simon Waddington

    "Noscript" plugin

    I believe that the newest version of the Firefox plugin called, "Noscript" overcomes this JarJar vulnerability & stops a whole bunch of other nasties. Admittedly, it makes web browsing a bit ugly, but the web is a pretty ugly place isn't it?

  2. Anonymous Coward
    Anonymous Coward

    heh

    Jar Jar links. nice.

    'arguably racist' - you forgot 'and shit'.

  3. Anonymous Coward
    Thumb Down

    No real

    reason to mention Gmail in the title then. was there.

  4. Law
    Dead Vulture

    RE: No real

    I dunno, scared me into reading it....

    my thought process was:

    "Firefox broken"... oh great not again *sighs*

    "broken jar vuln"... yeah, because java sucks *sighs*

    "menaces Gmail" ... crap - I use firefox AND Gmail QUICK, READ, BEFORE ITS TOO LATE - AGGGGHHHHHHHHH!!!!

  5. Name
    Paris Hilton

    What's this got to do with Gmail?

    The media scaremongers have infiltrated The Register! Red alert!

    You forgot to include Paris Hilton in the subject. I'm sure this affects her too someway. Maybe she drinks java coffee and has an outfit made of fox skin? ;-)

  6. Colin Millar

    The latest version of the Firefox browser

    ..isn't it called no-web?

    O hang on - that was the last one - or was that slo-mo web?

    I installed it once - tried to use it and was convinced someone had sneaked in and replaced the DSL line with a standard dial-up modem.

  7. Mary F
    Alert

    Shame you left out the NoScript advice

    The ONLY fix currently available is the NoScript plugin according to the US Cert advisory (www.kb.cert.org/vuls/id/715737).

    I know NoScript can be a pain on some sites - I've even (*shudder*) had to revert to IE to use some of them - but I value my security over the issues, particularly as my kids use IM, mySpace and other social networks so much.

    btw the original report on this was made by Jesse Ruderman in February. Why has it taken so long to not produce a fix?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021