Slashdot Mirror

← Back to Stories (view on slashdot.org)

Java/Script Alert: Cross-Platform Browser Vulnerability

Posted by timothy on from the vermin-at-work dept.

Ant writes "Synopsis: Opera, Mozilla & Netscape with javascript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected." Update: 06/08 23:56 GMT by H : The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability. Update: 06/09 00:56 GMT by T : According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)

5 of 314 comments (clear)

  1. "Macintosh may also be vuln." by Anonymous Coward · · Score: 4, Funny

    If you can't be bothered to write out entire words, don't post articles to slashdot.

    It's not like you were tight on space there.

  2. Oh darn... by wmspringer · · Score: 4, Funny

    Does this mean I have to download a patch for Mozilla tomorrow to fix this? ;-)

    --
    Twenties Retirement
  3. Timesaver - The most common comments you'll see by buzzcutbuddha · · Score: 5, Funny
    The advisory states that Internet Explorer isn't affected by this vulnerability. Before someone else states it, I'll get them out of the way, silly as they may be:
    • "This must have been posted by Microsoft as FUD to get people to stay away from superior products! It's all a trick! Don't listen!"
    • "What's up Taco? I thought April Fools had passed!"
    • "Javascript serves no purpose ever, and why anyone would ever use it is beyond me!"
    • "This is why we should all be using IE. I've never had a problem with IE security! Linux [l]users sux0rs!"
    Did I miss any?
  4. Re:Obligatory rant by rasafras · · Score: 5, Funny

    Well, it seems I was wrong. Oops. The editors'll probably repost the article in a day or two anyway, maybe they'll fix it then.

    --
    webpage
  5. Re:Ouch, again! by Sonicated · · Score: 5, Funny

    Slashdot, you're like a second home to me, but please don't post stories like this any more. It's embarrasing. Try to look at the article, read it and evaluate it for validity before posting it.

    Aww, that almost brings a tear to my eye. I'm going to hate to see how the dupe affects you..

    :)