I have probably neglected to share information about the role of open redirects 
and Google related to this issue.

References:
10th Nov
http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues

12th Nov
http://blogs.securiteam.com/index.php/archives/1035

It appears that the jarjarbinks.htm PoC-type link listed at
http://blog.beford.org/?p=8

doesn't work any more. Probably Google has fixed the vulnerability now?

Mozilla is still working on it.

- Juha-Matti

Reed Loden <[EMAIL PROTECTED]> wrote:
On Fri, 9 Nov 2007 02:37:01 +0200 (EET)
Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:

> The issue was originally reported in Bugzilla document #369814 by
> Jesse Ruderman of the Mozilla community, i.e. it's worth mentioning
> that the Mozilla security group is aware of the vulnerability.

That's https://bugzilla.mozilla.org/show_bug.cgi?id=369814 for anybody
who would like to CC themselves or read over current activity
regarding the bug.

~reed

--
Reed Loden - <[EMAIL PROTECTED]>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
