Java/Script Alert: Cross-Platform Browser Vulnerability

Posted by timothy on Sunday June 8, 2003 @11:58AM from the vermin-at-work dept.

Ant writes "Synopsis: Opera, Mozilla & Netscape with javascript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected." Update: 06/08 23:56 GMT by H : The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability. Update: 06/09 00:56 GMT by T : According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)

3 of 314 comments (clear)

Min score:

Reason:

Sort:

Re:Eh? by Ken@WearableTech · 2003-06-08 12:11 · Score: 1, Offtopic

If you ask questions, one day you may disa...
Re:trainwreck by ggruschow · 2003-06-08 12:51 · Score: 1, Offtopic

this may very well be the worst slashdot story ever.
This is nothing compared to the article on a "Cross-Platform Browser Bug: Java+JavaScript" I'm sure we'll see tomorrow.
Re:Then by Ken@WearableTech · 2003-06-08 13:28 · Score: 0, Offtopic

You took it seriously and missed the point dumba;: