There’s two really interesting threads, one on pdp’s site and one on Bedford’s site about the use of Firefox’s jar: directive to inject bad content into other people’s site (if they have redirectors in them). Pretty nasty stuff. Turning off all non HTTP directives in Firefox is probably a good idea at this point, given the sheer number of holes that have been identified there.
But this is just another in a list of reasons why Google really does need to shut down these redirectors. Normally it just involves people losing their identities or abusing the trust relationship people have with the Google.com domain. This one can actually steal your information from Google. I’ve been pushing on them for three years now to fix them, and they still haven’t. Granted, this jar: post is really a browser issue and not a redirector issue on Google specifically, but why risk people’s safety when they only purpose for those redirectors is to track their users? I for one vote to shut the redirectors down. Anyway, very interesting articles by pdp and Bedford!