Comments on: Web Mayhem: Firefox’s JAR: Protocol issues

By: Firefox 2.0 : 9 mois pour accoucher d’un correctif de sÃ©curitÃ© â€” SecurityVibes Magazine

Wed, 23 Mar 2011 15:16:52 +0000

[...] dÃ©but de mois, le dÃ©sormais cÃ©lÃ¨bre Petko D. Petkov faisait une nouvelle fois parler de lui en alertant [...]

By: corrector

corrector — Thu, 01 Oct 2009 20:35:45 +0000

“Never heard of that â€œjar:â€ protocol. I wonder if this issue has been fixed by Google, Microsoft and everyone else since this post.” Hug? What is this nonsense all about? There is not/was not, “a Google, MS and every one else” bug. There is (was) an awful, ridiculous, crazy, MS-sh*tware-style exploit-invitation-by-design FF obscenity. No one needs to fix anything except Mozilla. Someone needs to be fired, and that someone is actually so many people. FF credibility is ruined *forever* (or until this team is fired for good).

By: Anti-Virus & Anti-Malware website. » Firefox 2 Security Update Coming

Anti-Virus & Anti-Malware website. » Firefox 2 Security Update Coming — Fri, 31 Jul 2009 12:16:33 +0000

[...] cross-site scripting,” said Petko Petkov, founder of security consultancy gnucitizen.org, in blog post earlier this month. “Potential targets for this attack include applications such as Web mail [...]

By: nathanr|ca » Firefox Security Threat - Google is vulnerable

nathanr|ca » Firefox Security Threat - Google is vulnerable — Fri, 06 Jun 2008 03:31:49 +0000

[...] security exploits being discovered and being exploited. The latest threat involves the usage of a malicious JAR file. The flaw is still in the wild and the problem persists with the websites of Major Internet [...]

By: View contents of Zip/Jar files using firefox : Burad’s Blog

View contents of Zip/Jar files using firefox : Burad’s Blog — Thu, 15 May 2008 21:49:32 +0000

[...] that come with jar: protocol While serching for pages related to jar protocol in firefox, I found an interesting article at http://www.gnucitizen.org In simple terms, it means that any application which allows upload of JAR/ZIP [...]

By: Technology latest news » Blog Archive » Firefox plans bug fix release for next week (InfoWorld)

Sun, 02 Mar 2008 22:58:23 +0000

[...] the browser during a quality assurance “testday” this Friday. The issue was first pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox [...]

By: sanjuro

sanjuro — Fri, 29 Feb 2008 13:17:18 +0000

Never heard of that “jar:” protocol. I wonder if this issue has been fixed by Google, Microsoft and everyone else since this post.

By: J a C k N e w s » Blog Archive » Top Tep Web Hacks of 2007

J a C k N e w s » Blog Archive » Top Tep Web Hacks of 2007 — Thu, 31 Jan 2008 15:09:11 +0000

[...] Firefoxâ€™s JAR: Protocol issues [...]

By: neobe’s Blog - ActualitÃ©s Stockage et SÃ©curitÃ© » Blog Archive » Le top 10 des hacks "web" 2007

Tue, 29 Jan 2008 11:24:15 +0000

[...] Les problÃ¨mes des fichiers JAR sous Firefox [...]

By: Firefox ve GÃ¼ncel ZayÄ±flÄ±klarÄ± | SpyArea

Firefox ve GÃ¼ncel ZayÄ±flÄ±klarÄ± | SpyArea — Sat, 01 Dec 2007 20:33:21 +0000

[...] History DoS Attack Web Mayhem: Firefox’s JAR: Protocol issues Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability « RSnake RÃ¶portajÄ± [...]

By: Mozilla Corrects Three Vulnerabilities in Firefox 2.0.0.10 « Bardissi Enterprises Blog

Wed, 28 Nov 2007 20:53:36 +0000

[...] If you’d like more detail on this complex attack, check out pdp’s advisories [ 1 / 2 ]. For more general understanding of XSS attacks, see our article, “Anatomy of a [...]

By: Firefox 2.0.0.10: Neue Version ist erschienen - WinBoard - Die Windows Community

Firefox 2.0.0.10: Neue Version ist erschienen - WinBoard - Die Windows Community — Tue, 27 Nov 2007 11:19:39 +0000

[...] November nochmals zusätzliche Aufmerksamkeit bekam, nachdem der Sicherheitsexperte Petko Petkov in einem Blog-Eintrag die Gefährlichkeit der Lücke nachwies. Zum Schließen einer Speicher-Sicherheitslücke waren [...]

By: Firefox 2 Security Update Coming

Firefox 2 Security Update Coming — Sat, 24 Nov 2007 19:49:14 +0000

[...] scripting,” said Petko Petkov, founder of security consultancy gnucitizen.org, in «www.gnucitizen.org» earlier this month. “Potential targets for this attack include applications such as [...]

By: Business Daily News » Firefox 2 Security Update Coming

Business Daily News » Firefox 2 Security Update Coming — Sat, 24 Nov 2007 19:48:29 +0000

By: Firefox 2.0.0.10: Neue Version erscheint bereits in Kürze - WinBoard - Die Windows Community

Thu, 22 Nov 2007 14:16:33 +0000

[...] November nochmals zusätzliche Aufmerksamkeit zukam, nachdem der Sicherheitsexperte Petko Petkov in seinem Blog veröffentlicht hatte, dass diese Lücke auch für Cross-Site-Scripting-Attacken gegen den Firefox-Browser genutzt [...]

By: United-Underground » Mozilla Readies Firefox Patch

United-Underground » Mozilla Readies Firefox Patch — Wed, 21 Nov 2007 22:00:39 +0000

[...] of Jesse Ruderman, and gained widespread attention earlier this month when researcher Petko Petkov pointed out that the flaw could be used to launch a cross-site scripting attack against the Firefox browser. [...]

By: Info World » Blog Archive » Firefox plans bug fix release for next week

Wed, 21 Nov 2007 11:59:06 +0000

[...] Jesse Ruderman, but it gained widespread attention earlier this month when researcher Petko Petkov pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox [...]

By: BlogZilla » Falla "JAR:" per Firefox, XSS per Gmail

BlogZilla » Falla "JAR:" per Firefox, XSS per Gmail — Wed, 21 Nov 2007 10:12:23 +0000

[...] alcuni giorni si parla in rete di un nuovo problema di sicurezza critico che coinvolge la gestione del protocollo "jar:" da parte del browser Firefox sfruttabile [...]

By: Posiblemente tendremos el Firefox 2.0.0.10 para la semana que viene :

Posiblemente tendremos el Firefox 2.0.0.10 para la semana que viene : — Wed, 21 Nov 2007 09:40:43 +0000

[...] ediciÃ³n segÃºn se ha comunicado soluciona algunos bugs, como el encontrado por Petko Petkov, que fue publicado en su blog el 7 de noviembre, en el que detectÃ³ una vulnerabilidad en que se [...]

By: ICMPECHO » Blog Archive » Firefox JAR: vulnerability - quick summary

ICMPECHO » Blog Archive » Firefox JAR: vulnerability - quick summary — Thu, 15 Nov 2007 00:20:22 +0000

[...] in the Mozilla bugzilla tracker. It remains unpatched and not widely known until…2007-11-07 – Researcher pdp discusses the issue and potential impact at GNUCitizen. This opens this bug up to a whole new audience and…2007-11-10 – Beford illustrates the [...]