My beloved (and perhaps yours) Firefox web browser took another shot in the backside over the weekend with the disclosure that a vulnerability in the popular web browser can leak your Gmail info. Yeah, see that’s not good. Especially when you take into account that the cast majority of security folks use Gmail and Macs for that matter (not all, I said most). Evidence of this can be seen by attending Black Hat or Defcon.
But, I digress.
From PC World:
A 302 redirect error in Google, discovered by bedford.org’s Morgan Lowtech aka tx, creates a domain-wide cross-site scripting attack allowing hackers to gain access and modify Google user accounts including e-mails, contact lists and online presence.
An example of the redirect error is here, while bedford.org has created a proof of concept link that reveals user Gmail contact lists.
While Mozilla has not issued a solution to the problem, application firewalls and proxy servers can be used to block Windows Universal Resource Identifiers (URIs) that contain the JAR protocol, while Web administrators can use a reverse proxy to prevent malicious content from being uploaded.
Users can download a NoScript add-on for Firefox to block JavaScript and executable content from untrusted Web sites, and can secure their Google accounts by remaining signed out whenever possible.
[tags]Firefox Vuln, Gmail Capture, XSS, Mozilla Exploit[/tags]
