Slashdot Mirror


Java/Script Alert: Cross-Platform Browser Vulnerability

Ant writes "Synopsis: Opera, Mozilla & Netscape with javascript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected."

Update: 06/08 23:56 GMT by H: The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability.

Update: 06/09 00:56 GMT by T: According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)

17 of 314 comments

  1. "Macintosh may also be vuln." by Anonymous Coward · · Score: 4, Funny

    If you can't be bothered to write out entire words, don't post articles to slashdot.

    It's not like you were tight on space there.

    1. Re:"Macintosh may also be vuln." by anthroboy · · Score: 3, Funny

      Word up. I mean, WU, you Anon. Cow.. Truth be told, though, I'm far less horrified by this needless abbreviation than I am by the crude abbreviation of vulnerable to 'vuln.' Just what could possibly inspire one to think, "You know, 'vulnerable' is more or less redundant by the time you get to that 'erable' part." How vulg. of you. I'd go so far as to say that you must be stup. and laz. to abbrev. that way. -Since., Anthroboy

  2. Oh darn... by wmspringer · · Score: 4, Funny

    Does this mean I have to download a patch for Mozilla tomorrow to fix this? ;-)

  3. No, Alanis... by ari_j · · Score: 3, Funny

    That's not ironic. It's unusual, yes, but not ironic.

  4. Linux protects me well. by Reservoir+Penguin · · Score: 2, Funny

    That's OK, I couldn't even install the java plugin on linux, because apparently the java plugin was compiled with pre 3.X gcc and mozilla 1.4 itself was compiled with gcc 3+, is there a compatible java plugin for recent mozilla somewhere?

    --
    US-UK-Israel: The real Axis of Evil
  5. So... by Faust7 · · Score: 3, Funny
    > Let no hat, black white or grey, wander in on or about the www without fear.

    ...Red's up in the air, then?

  6. Re:Ironic? by archen · · Score: 2, Funny

    It's ironic because Alanis Morissette managed to single-handedly confuse people with what occasion they should use the word "oddly".

  7. Timesaver - The most common comments you'll see by buzzcutbuddha · · Score: 5, Funny
    The advisory states that Internet Explorer isn't affected by this vulnerability. Before someone else states it, I'll get them out of the way, silly as they may be:
    • "This must have been posted by Microsoft as FUD to get people to stay away from superior products! It's all a trick! Don't listen!"
    • "What's up Taco? I thought April Fools had passed!"
    • "Javascript serves no purpose ever, and why anyone would ever use it is beyond me!"
    • "This is why we should all be using IE. I've never had a problem with IE security! Linux [l]users sux0rs!"
    Did I miss any?
    1. Re:Timesaver - The most common comments you'll see by eMartin · · Score: 2, Funny

      "Did I miss any?"

      I'd say so, considering 90% of the posts below are complaining about the fact that Java and Javascript were mentioned in the same article.

  8. SO!!!! by Anonymous Coward · · Score: 1, Funny

    > Let no hat, black white or grey, wander in on or about the www without fear.
    > ...Red's up in the air, then?

    So are your chances of getting laid before thirty. Time for a prostitute or a switch to the other side.

  9. Re:Obligatory rant by rasafras · · Score: 5, Funny

    Well, it seems I was wrong. Oops. The editors'll probably repost the article in a day or two anyway, maybe they'll fix it then.

  10. Re:trainwreck by Anonymous Coward · · Score: 0, Funny

    Just wait for the dupe.

  11. Re:trainwreck by fm6 · · Score: 2, Funny

    Surely you jest. What about all those "Ask Slashdot: What's a computer" stories? Not to mention Aimee Deep!

  12. stating the obvious by Anonymous Coward · · Score: 1, Funny
    "...if you turn off JavaScript, you turn off the vulnerability."

    Gee, if I turn off my computer completely, I am 100% immune to all the viruses that ever existed, plus all future viruses.

  13. Re:Read _Any_ File? by ruprechtjones · · Score: 2, Funny

    > which allows a remote site to read any file on the client machine

    That's why I keep my any file hidden away, accessible only by pressing the any key.

    --
    Kip Hawley is an idiot.
  14. Re:Ouch, again! by Sonicated · · Score: 5, Funny

    > Slashdot, you're like a second home to me, but please don't post stories like this any more. It's embarrassing. Try to look at the article, read it and evaluate it for validity before posting it.

    Aww, that almost brings a tear to my eye. I'm going to hate to see how the dupe affects you..

    :)

  15. Re:MODERATE! by akpcep · · Score: 2, Funny

    He's caught a lot of fish and is about to apply some perfume?

    --
    Hmmm.