-Content sourced from Dailyapps.net
A Malicious exploit has been discovered in Firefox that would allow a Hacker to use a Malicious JAR file to get access to your Google Account and all your confidential information.
Firefox is falling into some serious trouble over the past few months, with more and more security exploits being discovered and being exploited. The latest threat involves the usage of a malicious JAR file. The flaw is still in the wild and the problem persists with the websites of Major Internet companies that includes Google. Beford.org has found a way to use the JAR exploit to get details of Google Accounts using a Malicious JAR file specially crafted to take advantage of the exploit.
Well I’m going to refrain myself from writing about the Exploit. I have tested this exploit on my own spare Google Account, and I can confirm that this works. Its better be to safe because Im not sure when exactly is Google and Mozilla planning to patch up the security holes. I suggest you download the NoScript addon for Firefox. Right now NoScript seems to be the only solution. If you are wondering what NoScript is, then here is what its developer has to say about it :
It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality
The other way to stay safe would be to visit sites that you trust and not download anything that looks suspicious. Given the vastness of the Internet, however careful you are, this can be still a threat. Keep yourself signed out of all Accounts until this is patched. But do remember to stay safe.
This exploit was known to Mozilla for quite sometime and hasn’t still patched it. Given that this vulnerability affects both Google and Firefox lets see who gets this patched first.
No comments:
Post a Comment