digg

Facebook Connect Join Digg About

Firefox Security Threat - Google is vulnerable

dailyapps.net — A Malicious exploit has been discovered in Firefox that would allow a Hacker to use a Malicious JAR file to get access to your Google Account and all your confidential information.

Who dugg this? Made popular Nov 13, 2007

submitted by

inactive Nov 13, 2007

833 diggs
digg

130 Comments

doshindude, on 11/14/2007, -5/+91*prepares shotgun for "Get Opera" comments*
tybris, on 11/14/2007, -0/+80Malicious JARs, you don't see those every day.
WallnutBoy, on 11/15/2007, -3/+59Y'know... We could all move to Internet Explor..... {turns shotgun on self}
Typhoon2009, on 11/14/2007, -4/+56Who stole the cookie from the cookie jar? Vladimir stole the cookie from the cookie jar! "Who me?" "Yes you!" "Could not be, Comrade! I white hat hacker!" "Then who?"
victorycig, on 11/15/2007, -5/+39Bugzilla shows it was reported back in February. What happened to "ten ***** days"?
http://ha.ckers.org/blog/20070803/mozilla-says-ten ...
webcure, on 11/14/2007, -4/+37This sounds nasty, and as a Firefox user I hope they patch those holes soon. ()
erkokite, on 11/14/2007, -1/+23As opposed to what?
baalzebub, on 11/14/2007, -1/+22http://noscript.net/getit
latrosicarius, on 11/14/2007, -7/+26Firefox is #1 browser in the world. It is used by 100% of the population. (This statistic excludes idiots, morons, and retards from the sample population.)
Cl1mh4224rd, on 11/15/2007, -2/+19> "What happened to "ten ***** days"?"

It was stupid comment by one of the higher-ups, which was almost immediately retracted. Please pay attention.
baalzebub, on 11/14/2007, -0/+14you had to have clicked yes in a dialog box allowing Firefox to store that data, Firefox does not store personal data of that nature without the users consent...
zcreem, on 11/15/2007, -3/+17Nothing if you like overly dressed women singing in forced voices, not to mention fat Italians trying to seduce them.
zachblume, on 11/14/2007, -1/+13Dude.
AdHaR, on 11/14/2007, -0/+12Haven't got time yet to upgrade from Windows 95?
VenTatsu, on 11/15/2007, -0/+12There is Lynx, Links, and Links2. Links2 does full ANSI color, tables, and frames.
dkoon, on 11/15/2007, -12/+23Lies! This must be those Microsoft's FUD, Open Source softwares do not have bugs or holes or whatever; only Microsoft softwares have bugs. (Learned from Digg)
latrosicarius, on 11/14/2007, -2/+12Fail.
dynacrylic, on 11/14/2007, -0/+10I'd bet that Google will work to patch something on their end first. Regardless, it still leaves other sites with open redirect issues at risk when using Firefox.
Slayback, on 11/14/2007, -0/+8And I just received an update today as well. The latest version:
V. 1.1.8 "JAR Jammer" :)
withincontext, on 11/14/2007, -0/+8We call that "degrading gracefully" in the biz.
barktwiggs, on 11/14/2007, -3/+10Yeah, I hear that Opera browser is susceptible to poorly animated Trojans.
kcap122, on 11/15/2007, -2/+9I heard if you type Google into Google, you can break the internet.
toastgodsupreme, on 11/14/2007, -0/+7Just installed it. Amazing how much faster some sites load with scripts off. Jesus, some are instant now. And I'm not seeing much loss in functionality either. :)
BritishGolgo13, on 11/15/2007, -2/+8Let's play with that sentence, shall we?

"o god, i'm on fire! Fox, now (do a barrel roll)!"
Mehster, on 11/14/2007, -0/+6It is also partially the fault of the web developer for the site you are viewing. There are extremely simple ways to tell the browser to not allow autocomplete on certain form fields.
000dom000, on 11/15/2007, -1/+61 syllable words arn't gonna save you now
mocheeze, on 11/14/2007, -0/+5Must be IceWeasel
rodnovca, on 11/14/2007, -1/+6Anyone who keeps confidential information on Google is an idiot!
r3bol, on 11/14/2007, -0/+5Enable Java: Unchecked
naugrim, on 11/15/2007, -2/+7How ***** up would it be if the site digg redirects you to, which contains the article, had a tweaked script which utilized this exploit.
*dons tinfoil hat*
xcheats, on 11/14/2007, -1/+6Best comment I've seen this month. Props. for the creativity.
barktwiggs, on 11/14/2007, -2/+7I thought it was Lynx...
MacSuxWindozSux, on 11/15/2007, -0/+5No Script - https://addons.mozilla.org/en-US/firefox/addon/722
ptFoe, on 11/14/2007, -1/+5yes the Cookie JAR
inactive, on 11/14/2007, -0/+4And you can decide which scripts to load after the page initially loads allowing you to see what the heck the site is all about.
mvent2, on 11/14/2007, -0/+4Uh, thats called "autocomplete".
thefandango, on 11/14/2007, -3/+7Jelly.....EVIL Jelly....
trogdoor, on 11/14/2007, -0/+4JAR files are not only used for Java.
cherwilco, on 11/14/2007, -1/+5Dumbest....comment.....ever

you DO know that neither firefox OR google are microsoft products dont you? oh and you fail at trying to start a flame war unless you count people pointing out how ***** retarded you are ;~)
Drood, on 11/14/2007, -0/+4Surely turning Java off would prevent it as well wouldn't it? Since I've yet to find any real use for Java. (Not a troll in any way. I've genuinely never found a real reason to have Java on. My bank doesn't use it and nowhere else I ever visit uses Java for any purpose other than to annoy.)
inactive, on 11/14/2007, -1/+5firefox in disguise.... ITS A TRAP!
SeBBBe, on 11/15/2007, -3/+6GET LINKS! ;)
thebellmaster1x, on 11/14/2007, -0/+3Tools>Clear Private Data
inactive, on 11/15/2007, -3/+6NO SCRIPT rocks. I've been using it since it came out. With NO SCRIPT and Firefox you do away with most hacks against your system.
HonoredMule, on 11/13/2007, -0/+3So just out of curiosity's sake, how vulnerable is someone who has java disabled in firefox? I've no use for that crap anyway, and have always had java disabled. No one ever seems to use it in web pages anymore anyway, and good riddance.

Also, I'm a little confused as to how this JAVA code vulnerability is browser specific and not a JRE issue.
rock774, on 11/14/2007, -0/+3Google imap server is very slow right now !
everybody changing passwords ?
trogdoor, on 11/14/2007, -0/+3Just because it uses the JAR protocol does not mean that it uses the Java plugin.

If you see Jar Jar Binks when you click this link then you are vulnerable ( it's not malicious, but you really shouldn't trust me on that ;)

Edit: It seems Digg doesn't parse the jar: here is the URL: jar:ht tp://groups.google.com/searchhistory/url?url=http://beford.org/stuff/htm.jar!/htm.htm
jameson71, on 11/14/2007, -1/+4eh, nevermind. I went to the bugzilla and read the actual bug report. Which actually explains hte issue unlike this inflamatory and uninformative article.
teampoop, on 11/14/2007, -0/+3Malicious Pirate Java

Jarrrrs
obxjdt, on 11/14/2007, -0/+3Wow, I thought everyone used no script, ad block, & flash block with firefox....
Show 51 - 100 of 127 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.