Feeds

back to article Firefox broken Jar vuln. menaces Gmail

Security watchers are concerned that a protocol handling flaw in Firefox could have implications for the security of data held within Google and, possibly, other web applications. The flaw, involving the handling of the "jar:" protocol by Firefox, gives rise to cross-site scripting attacks. No patch is available through there …

COMMENTS

This topic is closed for new posts.

"Noscript" plugin

I believe that the newest version of the Firefox plugin called, "Noscript" overcomes this JarJar vulnerability & stops a whole bunch of other nasties. Admittedly, it makes web browsing a bit ugly, but the web is a pretty ugly place isn't it?

0
0
Anonymous Coward

heh

Jar Jar links. nice.

'arguably racist' - you forgot 'and shit'.

0
0
Thumb Down

No real

reason to mention Gmail in the title then. was there.

0
0
Law
Dead Vulture

RE: No real

I dunno, scared me into reading it....

my thought process was:

"Firefox broken"... oh great not again *sighs*

"broken jar vuln"... yeah, because java sucks *sighs*

"menaces Gmail" ... crap - I use firefox AND Gmail QUICK, READ, BEFORE ITS TOO LATE - AGGGGHHHHHHHHH!!!!

0
0
Paris Hilton

What's this got to do with Gmail?

The media scaremongers have infiltrated The Register! Red alert!

You forgot to include Paris Hilton in the subject. I'm sure this affects her too someway. Maybe she drinks java coffee and has an outfit made of fox skin? ;-)

0
0
Bronze badge

The latest version of the Firefox browser

..isn't it called no-web?

O hang on - that was the last one - or was that slo-mo web?

I installed it once - tried to use it and was convinced someone had sneaked in and replaced the DSL line with a standard dial-up modem.

0
0
Alert

Shame you left out the NoScript advice

The ONLY fix currently available is the NoScript plugin according to the US Cert advisory (www.kb.cert.org/vuls/id/715737).

I know NoScript can be a pain on some sites - I've even (*shudder*) had to revert to IE to use some of them - but I value my security over the issues, particularly as my kids use IM, mySpace and other social networks so much.

btw the original report on this was made by Jesse Ruderman in February. Why has it taken so long to not produce a fix?

0
0
This topic is closed for new posts.