A cross site scripting flaw was found in the way Firefox handles the jar: URI scheme. It is possible for a malicious web site to leverage this flaw to possibly conduct a cross site scripting attack against a Firefox user.
Lifting embargo
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-1084.html http://rhn.redhat.com/errata/RHSA-2007-1082.html http://rhn.redhat.com/errata/RHSA-2007-1083.html