The Channel logo


By | John Leyden 27th November 2007 11:24

Firefox update puts lid on Jar bug

Safe to surf

Mozilla released an update to its Firefox browser on Monday designed to address a trio of vulnerabilities.

Firefox addresses a bug in the open source browser's "jar:" protocol handle, a memory corruption vulnerability, and a potential cross-site scripting hazard.

The jar: protocol handle bug was first identified in February by Mozilla's Jesse Ruderman, but efforts to smite the flaw didn't materialise until security bloggers demonstrated how the vulnerability could be abused to perform various exploits, including creating a possible means for hackers to steal a victim's Gmail contacts. Mozilla prioritised a bug fix shortly after the full impact of the bug became apparent.

Short for Java Archive, the jar: protocol is used to compress Java classes and other types of files into a single file. Unfortunately, the jar: protocol handler in Firefox (prior to the fix) failed to validate the MIME type of the contents of an archive, which would then be executed in the context of a trusted site.

The latest update is the tenth from Mozilla in little more than a year since the release of Firefox 2.0 in October 2006. ®

comment icon Read 10 comments on this article alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe