• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-59

Mozilla Foundation Security Advisory 2011-59

Title: .jar not treated as executable in Firefox 3.6 on Mac
Impact: Critical
Announced: December 20, 2011
Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.25
  Thunderbird 3.1.17

Description

Part of the fix for MFSA 2011-40, reported by Mariusz Mlynski, was to treat .jar files as executables. This is necessary because Java treats downloaded .jar files as fully-featured "Applications" rather than restricting them to the limited privileges of in-browser "Applets". The fix taken in Firefox 3.6 was discovered to be incorrect for the Mac OS X version.

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=704622
• CVE-2011-3666