Comments on: Web Mayhem: Firefox’s JAR: Protocol issues

By: nathanr|ca » Firefox Security Threat - Google is vulnerable

nathanr|ca » Firefox Security Threat - Google is vulnerable — Fri, 06 Jun 2008 03:31:49 +0000

[...] security exploits being discovered and being exploited. The latest threat involves the usage of a malicious JAR file. The flaw is still in the wild and the problem persists with the websites of Major Internet [...]

By: View contents of Zip/Jar files using firefox : Burad’s Blog

View contents of Zip/Jar files using firefox : Burad’s Blog — Thu, 15 May 2008 21:49:32 +0000

[...] that come with jar: protocol While serching for pages related to jar protocol in firefox, I found an interesting article at http://www.gnucitizen.org In simple terms, it means that any application which allows upload of JAR/ZIP [...]

By: Technology latest news » Blog Archive » Firefox plans bug fix release for next week (InfoWorld)

Sun, 02 Mar 2008 22:58:23 +0000

[...] the browser during a quality assurance “testday” this Friday. The issue was first pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox [...]

By: sanjuro

sanjuro — Fri, 29 Feb 2008 13:17:18 +0000

Never heard of that “jar:” protocol. I wonder if this issue has been fixed by Google, Microsoft and everyone else since this post.

By: J a C k N e w s » Blog Archive » Top Tep Web Hacks of 2007

J a C k N e w s » Blog Archive » Top Tep Web Hacks of 2007 — Thu, 31 Jan 2008 15:09:11 +0000

[...] Firefox’s JAR: Protocol issues [...]

By: neobe’s Blog - Actualités Stockage et Sécurité » Blog Archive » Le top 10 des hacks "web" 2007

Tue, 29 Jan 2008 11:24:15 +0000

[...] Les problèmes des fichiers JAR sous Firefox [...]

By: Firefox ve Güncel Zayıflıkları | SpyArea

Firefox ve Güncel Zayıflıkları | SpyArea — Sat, 01 Dec 2007 20:33:21 +0000

[...] History DoS Attack Web Mayhem: Firefox’s JAR: Protocol issues Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability « RSnake Röportajı [...]

By: Mozilla Corrects Three Vulnerabilities in Firefox 2.0.0.10 « Bardissi Enterprises Blog

Wed, 28 Nov 2007 20:53:36 +0000

[...] If you’d like more detail on this complex attack, check out pdp’s advisories [ 1 / 2 ]. For more general understanding of XSS attacks, see our article, “Anatomy of a [...]

By: Firefox 2.0.0.10: Neue Version ist erschienen - WinBoard - Die Windows Community

Firefox 2.0.0.10: Neue Version ist erschienen - WinBoard - Die Windows Community — Tue, 27 Nov 2007 11:19:39 +0000

[...] November nochmals zus�tzliche Aufmerksamkeit bekam, nachdem der Sicherheitsexperte Petko Petkov in einem Blog-Eintrag die Gef�hrlichkeit der L�cke nachwies. Zum Schlie�en einer Speicher-Sicherheitsl�cke waren [...]

By: Firefox 2 Security Update Coming

Firefox 2 Security Update Coming — Sat, 24 Nov 2007 19:49:14 +0000

[...] scripting,” said Petko Petkov, founder of security consultancy gnucitizen.org, in «www.gnucitizen.org» earlier this month. “Potential targets for this attack include applications such as [...]

By: Business Daily News » Firefox 2 Security Update Coming

Business Daily News » Firefox 2 Security Update Coming — Sat, 24 Nov 2007 19:48:29 +0000

By: Firefox 2.0.0.10: Neue Version erscheint bereits in K�rze - WinBoard - Die Windows Community

Thu, 22 Nov 2007 14:16:33 +0000

[...] November nochmals zus�tzliche Aufmerksamkeit zukam, nachdem der Sicherheitsexperte Petko Petkov in seinem Blog ver�ffentlicht hatte, dass diese L�cke auch f�r Cross-Site-Scripting-Attacken gegen den Firefox-Browser genutzt [...]

By: United-Underground » Mozilla Readies Firefox Patch

United-Underground » Mozilla Readies Firefox Patch — Wed, 21 Nov 2007 22:00:39 +0000

[...] of Jesse Ruderman, and gained widespread attention earlier this month when researcher Petko Petkov pointed out that the flaw could be used to launch a cross-site scripting attack against the Firefox browser. [...]

By: Info World » Blog Archive » Firefox plans bug fix release for next week

Wed, 21 Nov 2007 11:59:06 +0000

[...] Jesse Ruderman, but it gained widespread attention earlier this month when researcher Petko Petkov pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox [...]

By: BlogZilla » Falla "JAR:" per Firefox, XSS per Gmail

BlogZilla » Falla "JAR:" per Firefox, XSS per Gmail — Wed, 21 Nov 2007 10:12:23 +0000

[...] alcuni giorni si parla in rete di un nuovo problema di sicurezza critico che coinvolge la gestione del protocollo "jar:" da parte del browser Firefox sfruttabile [...]

By: Posiblemente tendremos el Firefox 2.0.0.10 para la semana que viene :

Posiblemente tendremos el Firefox 2.0.0.10 para la semana que viene : — Wed, 21 Nov 2007 09:40:43 +0000

[...] edición según se ha comunicado soluciona algunos bugs, como el encontrado por Petko Petkov, que fue publicado en su blog el 7 de noviembre, en el que detectó una vulnerabilidad en que se [...]

By: ICMPECHO » Blog Archive » Firefox JAR: vulnerability - quick summary

ICMPECHO » Blog Archive » Firefox JAR: vulnerability - quick summary — Thu, 15 Nov 2007 00:20:22 +0000

[...] in the Mozilla bugzilla tracker. It remains unpatched and not widely known until…2007-11-07 - Researcher pdp discusses the issue and potential impact at GNUCitizen. This opens this bug up to a whole new audience and…2007-11-10 - Beford illustrates the [...]

By: Security Tips » Jarring Firefox Exploit Endangers Google Accounts

Security Tips » Jarring Firefox Exploit Endangers Google Accounts — Wed, 14 Nov 2007 14:21:37 +0000

[...] researcher Petko D. Petkov, a.k.a pdp, recently posted a discussion of the dangers of .jar on the GNUCITIZEN blog. “The protocol is nothing more but a mechanism for pulling content from compressed [...]

By: opera11

opera11 — Tue, 13 Nov 2007 15:25:46 +0000

It is interesting issue :) Good, that i dont use FF :)))

By: hackademix.net » A Jar of Misleading Advices

hackademix.net » A Jar of Misleading Advices — Tue, 13 Nov 2007 13:18:48 +0000

[...] recent disclosure by pdp of the jar: protocol bug originally discovered and responsibly reported by Jesse Ruderman in [...]