Sun have confirmed a couple of security flaws with the Java plug-in. They said the more serious of the two vulnerabilities could allow an untrusted applet to elevate privileges through JavaScript calling into Java code.
For example, an untrusted applet may grant itself permissions to read and write local files, or may execute local applications that are accessible to the user running the untrusted applet.
A second bug may allow an untrusted applet to inappropriately interfere with another applet in the same Web page.
Read more Sun Fixes Critical Java Plug-In Flaws
-
Sun Fixes Critical Java Plug-In Flaws (3 messages)
- Posted by: Dion Almaer
- Posted on: January 25 2005 10:50 EST
Threaded Messages (3)
- Sun Fixes Critical Java Plug-In Flaws by han theman on January 26 2005 02:38 EST
- deja vu? by JT Wenting on January 26 2005 02:42 EST
- deja vu? by Diamond Geeza on January 26 2005 03:51 EST
-
Sun Fixes Critical Java Plug-In Flaws[ Go to top ]
- Posted by: han theman
- Posted on: January 26 2005 02:38 EST
- in response to Dion Almaer
"I did not engage inappropriate relations with that applet" -
deja vu?[ Go to top ]
- Posted by: JT Wenting
- Posted on: January 26 2005 02:42 EST
- in response to Dion Almaer
Anyone know when this article was written (instead of published...)?
It reads almost word for word (including the affected JVM versions) like something that was already fixed months ago. -
deja vu?[ Go to top ]
- Posted by: Diamond Geeza
- Posted on: January 26 2005 03:51 EST
- in response to JT Wenting
Yeah, TSS are getting really sloppy. This is, like, *so* last week.