{"id":256,"date":"2007-11-17T12:55:45","date_gmt":"2007-11-17T19:55:45","guid":{"rendered":"https:\/\/www.zubairalexander.com\/stage\/archives\/256"},"modified":"2007-11-18T13:03:29","modified_gmt":"2007-11-18T20:03:29","slug":"firefox-exploit-can-hack-gmail","status":"publish","type":"post","link":"https:\/\/www.zubairalexander.com\/blog\/firefox-exploit-can-hack-gmail\/","title":{"rendered":"Firefox Exploit can Hack Gmail"},"content":{"rendered":"

Mozilla has taken another security blow with the discovery that Google user accounts can be accessed through a dangerous Firefox exploit.<\/p>\n

The vulnerability, which is still in the wild some 10 days after its discovery on gnucitizen.org, allows hackers to access Google accounts, including Gmail, with cross-site scripting attacks.<\/p>\n

A client or server-side exploit can be inserted into .zip files via open document formats from Microsoft Office 2007 and OpenOffice, and uploaded to a server where the Firefox JAR protocol extracts the compressed data.<\/p>\n

While Mozilla has not issued a solution to the problem, application firewalls and proxy servers can be used to block Windows Universal Resource Identifiers (URIs) that contain the JAR protocol, while Web administrators can use a reverse proxy to prevent malicious content from being uploaded.<\/p>\n

Users can download a NoScript add-on for Firefox to block JavaScript and executable content from untrusted Web sites, and can secure their Google accounts by remaining signed out whenever possible.<\/p>\n

Read this entire story as reported by PC World<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Mozilla has taken another security blow with the discovery that Google user accounts can be accessed through a dangerous Firefox exploit. The vulnerability, which is still in the wild some 10 days after its discovery on gnucitizen.org, allows hackers to access Google accounts, including Gmail, with cross-site scripting attacks. A client or server-side exploit can […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[25,7,24],"tags":[],"class_list":["post-256","post","type-post","status-publish","format-standard","hentry","category-browsers","category-news","category-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t