Mozilla developer Daniel Veditz reported that when the jar: scheme is used to wrap a URI which serves the content with Content-Disposition: attachement, the HTTP header is ignored and the content is unpacked and displayed inline. A site may depend on this HTTP header to prevent potentially untrusted content that it serves from executing within the context of the site. An attacker could use this vulnerability to subvert sites using this mechanism to mitigate content injection attacks.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 2.1 Via RHSA-2009:0437 https://rhn.redhat.com/errata/RHSA-2009-0437.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0436 https://rhn.redhat.com/errata/RHSA-2009-0436.html
xulrunner-1.9.0.9-1.fc9, firefox-3.0.9-1.fc9, epiphany-extensions-2.22.1-10.fc9, epiphany-2.22.2-10.fc9, blam-1.8.5-8.fc9.1, chmsee-1.0.1-11.fc9, devhelp-0.19.1-11.fc9, evolution-rss-0.1.0-10.fc9, galeon-2.0.7-9.fc9, gnome-python2-extras-2.19.1-26.fc9, gnome-web-photo-0.3-20.fc9, google-gadgets-0.10.5-5.fc9, gtkmozembedmm-1.4.2.cvs20060817-28.fc9, kazehakase-0.5.6-4.fc9.1, Miro-2.0.3-3.fc9, mozvoikko-0.9.5-9.fc9, mugshot-1.2.2-8.fc9, ruby-gnome2-0.17.0-8.fc9, totem-2.23.2-14.fc9, yelp-2.22.1-11.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.0.9-1.fc10, firefox-3.0.9-1.fc10, epiphany-extensions-2.24.0-7.fc10, epiphany-2.24.3-5.fc10, blam-1.8.5-9.fc10, devhelp-0.22-7.fc10, galeon-2.0.7-9.fc10, gecko-sharp2-0.13-7.fc10, gnome-python2-extras-2.19.1-29.fc10, gnome-web-photo-0.3-17.fc10, google-gadgets-0.10.5-5.fc10, kazehakase-0.5.6-4.fc10.1, Miro-2.0.3-3.fc10, mozvoikko-0.9.5-9.fc10, mugshot-1.2.2-8.fc10, pcmanx-gtk2-0.3.8-8.fc10, perl-Gtk2-MozEmbed-0.08-5.fc10.2, ruby-gnome2-0.18.1-5.fc10.1, yelp-2.24.0-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1126 https://rhn.redhat.com/errata/RHSA-2009-1126.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1125 https://rhn.redhat.com/errata/RHSA-2009-1125.html