Java/Script Alert: Cross-Platform Browser Vulnerability

Ant writes "Synopsis: Opera, Mozilla & Netscape with javascript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected." Update: 06/08 23:56 GMT by H : The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability. Update: 06/09 00:56 GMT by T : According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)

Timesaver - The most common comments you'll see

[buzzcutbuddha]

The advisory states that Internet Explorer isn't affected by this vulnerability. Before someone else states it, I'll get them out of the way, silly as they may be:

• "This must have been posted by Microsoft as FUD to get people to stay away from superior products! It's all a trick! Don't listen!"
• "What's up Taco? I thought April Fools had passed!"
• "Javascript serves no purpose ever, and why anyone would ever use it is beyond me!"
• "This is why we should all be using IE. I've never had a problem with IE security! Linux [l]users sux0rs!"

Did I miss any?

Re:Obligatory rant

[rasafras]

Well, it seems I was wrong. Oops. The editors'll probably repost the article in a day or two anyway, maybe they'll fix it then.

Re:Ouch, again!

[Sonicated]

Slashdot, you're like a second home to me, but please don't post stories like this any more. It's embarrasing. Try to look at the article, read it and evaluate it for validity before posting it.

Aww, that almost brings a tear to my eye. I'm going to hate to see how the dupe affects you..

:)