Gmail Users at the Mercy of Firefox Exploit
Even though Firefox is marketed as the most secure web browser on the market, it is not free of flaws.
Bedford.org has pursued the idea further and posted proof-of-concept screenshots showing how this flaw could be used to hijack a Gmail account. Once inside the account, an attacker could harvest the contact list and open every message. The same flaw could also be used to break into accounts on numerous social networking sites.
Bedford.org's Morgan Lowtech (alias tx) found a 302 redirect flaw in Google which, combined with Firefox's handling of the jar: protocol, produces a domain-wide cross-site scripting attack that lets attackers break into and alter Google accounts, including messages, contact lists and the rest of a user's online presence, as reported by PC World on November 17, 2007.
Although Mozilla has not yet offered a fix for the problem, application firewalls and proxy servers can be used to block Uniform Resource Identifiers (URIs) that use the vulnerable jar: protocol. Meanwhile, web administrators can use a reverse proxy to stop malicious files from being uploaded to their sites.
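The proxy-side block described above, as an added example that is not from the article or from any of the researchers it mentions. It parses jar: URIs of the form jar:<archive URL>!/<path inside the archive> (splitting at the first "!/", an assumption), percent-decodes them so an encoded prefix is not missed, and shows why the redirect case is the dangerous one: the origin the browser trusts is derived from the archive URL as written, while the archive bytes come from wherever the 302 points. The hostnames, the redirect table that stands in for the open redirector, and the log lines are all constructed for illustration.

```python
"""Proxy-side filter for jar: URIs, run over constructed sample log lines.

Added example; hostnames, the redirect table and the log lines are constructed
for illustration and are not taken from the article.
"""
import re
from urllib.parse import unquote, urlsplit

# Firefox jar: URIs look like  jar:<archive URL>!/<path inside the archive>.
# Assumption: splitting at the first "!/" is adequate for a proxy filter.
JAR_RE = re.compile(r"^jar:(?P<outer>.+?)!/(?P<inner>.*)$", re.IGNORECASE | re.DOTALL)

# Constructed stand-in for an open redirector: request URL -> Location header.
REDIRECTS = {
    "http://mail.example.com/redirect?u=http://evil.example.net/payload.jar":
        "http://evil.example.net/payload.jar",
}


def normalize(uri, max_rounds=3):
    """Percent-decode a bounded number of times so 'jar%3A...' is not missed."""
    cur = uri.strip()
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def parse_jar_uri(uri):
    """Return (archive_url, inner_path), or None when the URI is not a jar: URI."""
    m = JAR_RE.match(normalize(uri))
    if m is None:
        return None
    return m.group("outer"), m.group("inner")


def origin_of(url):
    """(scheme, host, port) a browser would derive from the URL as written, or None."""
    p = urlsplit(url)
    if not p.scheme or not p.hostname:
        return None
    port = p.port or {"http": 80, "https": 443}.get(p.scheme.lower())
    return (p.scheme.lower(), p.hostname.lower(), port)


def follow_redirects(url, table=REDIRECTS, max_hops=5):
    """Resolve where the archive bytes actually come from, via the redirect table."""
    for _ in range(max_hops):
        if url not in table:
            break
        url = table[url]
    return url


def assess(uri):
    """Block every jar: URI (the article's mitigation) and flag origin confusion.

    origin_confusion is True when the origin of the archive URL as written
    differs from the origin the archive is actually fetched from after redirects.
    """
    parsed = parse_jar_uri(uri)
    if parsed is None:
        return {"uri": uri, "verdict": "allow", "origin_confusion": False}
    archive_url, inner_path = parsed
    trusted = origin_of(archive_url)
    actual = origin_of(follow_redirects(archive_url))
    return {
        "uri": uri,
        "verdict": "block",
        "archive_url": archive_url,
        "inner_path": inner_path,
        "trusted_origin": trusted,
        "actual_origin": actual,
        "origin_confusion": trusted != actual,
    }


def scan_log(lines):
    """Run assess() over the request-URI field of 'client method uri' log lines."""
    results = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip it
        results.append(assess(parts[2]))
    return results


# Constructed proxy log lines: client, method, request-URI.
SAMPLE_LOG = [
    "10.0.0.5 GET http://mail.example.com/inbox",
    "10.0.0.5 GET jar:http://www.example.com/static/widget.jar!/index.html",
    "10.0.0.9 GET jar:http://mail.example.com/redirect?u=http://evil.example.net/payload.jar!/x.html",
    "10.0.0.9 GET jar%3Ahttp%3A%2F%2Fmail.example.com%2Fredirect%3Fu%3Dhttp%3A%2F%2Fevil.example.net%2Fpayload.jar!%2Fx.html",
]

if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        print(r["verdict"], r["origin_confusion"], r["uri"])
```

The second log line is a jar: URI that points straight at an archive on the same host, so no origin confusion is involved, but it is still blocked: the mitigation in the text is to refuse the scheme outright rather than to reason about individual redirects, because a proxy cannot know every redirector on a site.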
What makes the situation worse, Bedford alleged, is that it is a massive problem that has been sitting in Bugzilla (Mozilla's bug tracking system) for over ten days, according to news reported by COMPUTERWORLD on November 18, 2007. Bedford's reference to ten days alluded to a remark made by Mozilla's director of ecosystem development, Mike Shaver, in summer 2006, that Mozilla patched security bugs within that timeframe.
Meanwhile, the best protection for users is either to run the NoScript extension or to log out of Gmail frequently, though neither seems likely for the majority of Gmail users.
In September, yet another attack was identified that exploited URI-handling bugs in the mailto, nntp, news and snews protocol handlers to execute commands without authorization. That bug, which affected both Microsoft Internet Explorer and Firefox, had been incompletely patched twice in July.
Related article: Gmail’s Security Hole Could Allow Mass Spam
» SPAMfighter News - 01-12-2007