Firefox Exploit can Hack Gmail
Mozilla has taken another security blow with the discovery that Google user accounts can be accessed through a dangerous Firefox exploit.
The vulnerability, which is still in the wild some 10 days after its discovery on gnucitizen.org, allows hackers to access Google accounts, including Gmail, with cross-site scripting attacks.
A client or server-side exploit can be inserted into .zip files via open document formats from Microsoft Office 2007 and OpenOffice, and uploaded to a server where the Firefox JAR protocol extracts the compressed data.
While Mozilla has not issued a solution to the problem, application firewalls and proxy servers can be used to block Windows Universal Resource Identifiers (URIs) that contain the JAR protocol, while Web administrators can use a reverse proxy to prevent malicious content from being uploaded.
Read this entire story as reported by PC World.