Mozilla still working on JAR: protocol flaw
It was 11 day ago when JAR: protocol vulnerability in Firefox was reported by pdp.
According to Bugzilla entry #369814 upcoming Firefox 18.104.22.168 (tests done with Gecko/2007111504) are immune to this vulnerability.
A Mozilla Security Blog entry posted by Mozilla security chief Window Snyder has been released too.
The fact is that the Bugzilla report mentioned was filed as security sensitive on 8th Feb already. The disclosure of Petkov made it public.