Firefox Patch Coming For Protocol Handling Bug


	Firefox Patch Coming For Protocol Handling Bug

merrie

11-21-2007 1:27 AM

256 views

tags:

firefox patch, protocol handling bug, firefox 2.0.0.10 beta

merrie says:

Firefox supports the Java Archive URI scheme that allows the addressing of the contents of zip archives. An attacker may upload a zip format file to a trusted site that allows users to upload content. The victim clicks on a link on the attacker’s website or in an email that links to the uploaded content on a trusted site. Since the content is loaded from the trusted site, content from the zip file runs in the context of the trusted site. This may allow the attacker to access information stored on the trusted site without the victim’s knowledge.
There is a second issue that if a zip archive is loaded from a site through a redirect, Firefox uses the context from the initiating site. This allows an attacker to take advantage of a site with an open redirect and host content on their own malicious site that will execute with the permissions of the redirecting site.
http://blogs.zdnet.com/security/?p=682&tag=nl.rSINGLE
http://blogs.zdnet.com/security/?p=682

Add a Comment

Login to Comment. Not a member yet? Sign up

View the Top Clips from November 21, 2007

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color:#e5e5e5;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/3f60f0e8-8246-4c20-b7cf-798184ea4575/88723BE7-CE88-46D5-84BC-60F801DED788/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blogs.zdnet.com/security/?p=652" href="http://blogs.zdnet.com/security/?p=652" style="font-size: 11px;">blogs.zdnet.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=652"><div align="center"><img src="http://content8.clipmarks.com/blog_cache/blogs.zdnet.com/img/86B490CD-DDDD-4624-92AC-DB88B2C1735F" alt="Mozilla working on Jar protocol fix" /></div></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=652">Mozilla security chief Window Snyder says the “jar:” protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser.</blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=652">The problem (<A href="http://blogs.zdnet.com/security/?p=652">see previous coverage</A>) is that Firefox’s “jar:” protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).</blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=652"><P>Starting with Firefox 2.0.0.10, which is currently in testing,  the browser will only support the jar scheme for files that are served with the correct application/java-archive MIME type.  Firefox will also adjust the security context to recognize the final site as the source of the content, Snyder said.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=652"><P>The <A href="http://blog.beford.org/?p=8">GMail proof-of-concept is available here</A>.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=652">Also see <A href="http://hackademix.net/2007/11/13/a-jar-of-misleading-advices/">Giorgio Maone’s detailed description of this issue</A>, which includes a criticism of my previous mitigation advice</blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/88723BE7-CE88-46D5-84BC-60F801DED788/blog/" title="blog or email this clip"><img src="http://content9.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

Clipmarks: Home; New Clips; Top Clips; Dashboard

Popular Topics: News; Life; Science; Technology; Entertainment

Get Started: Sign Up; Install Clipping Tool; How Clipping Works; Clip-to-Blog™; ClipSearch

Tools and Resources: FAQ; ClipWeek; Top Clippers; Top Tags; Site Map

About Clipmarks: About Us; Contact; Blog; Copyright; Privacy; EULA

Search Options

Related Clips

More clips from merrie

Today's Top Clips