JAR: protocol vuln – targeting to Google now
According to the report of pdp several Web sites supporting open redircts are vulnerable to recent JAR: protocol vulnerability.
More information about these XSS vulnerabilities (hey, these are serious now!) is available at GNUCITIZEN entry here:
Update 26th Nov: The author of Beford Blog has shared information that his “jarjarbinks.htm” PoC type link still works – when entering it manually to browser’s address bar. Google is still affected to JAR flaw.