Slashdot Mirror


Java/Script Alert: Cross-Platform Browser Vulnerability

Ant writes "Synopsis: Opera, Mozilla & Netscape with javascript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected."

Update: 06/08 23:56 GMT by H: The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability.

Update: 06/09 00:56 GMT by T: According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)

13 of 314 comments

  1. Eh? by slimey_limey · · Score: -1, Offtopic

    Why is the update listed as two minutes before the actual post of the article?

    nth post, where n is a number >1

    1. Re:Eh? by Ken@WearableTech · · Score: 1, Offtopic

      If you ask questions, one day you may disa...

    2. Re:Eh? by Anonymous Coward · · Score: -1, Offtopic

      Subscribers see the story twenty minutes in advance and can spot dupes and check out the links before it gets slashdotted.

  2. You've discovered their secret by Anonymous Coward · · Score: -1, Offtopic

    Yes, Slashdot owns a time machine, and they make frequent use of it. Using the time machine and stock market manipulation, Slashdot is able to make money and stay alive.

    1. Re:You've discovered their secret by slimey_limey · · Score: -1, Offtopic

      Thanks for the insider info. I assume that that's why you're posting as AC.

      Where can I get that time machine?

  3. Audit your code!!!11 by Znonymous Coward · · Score: -1, Offtopic

    Now is the time for developers to _seriously_ start working on killing holes in Linux-based applications. As Linux adoption continues to soar, so will the number of big problems. It could leave a black eye on the community if we have a BugBear/CodeRed/Slammer type incident. Everyone should audit their code often so a cracker can't audit you first.

    --

    Karma: The shiznight, mostly because I am the Drizzle.

  4. Re:trainwreck by ggruschow · · Score: 1, Offtopic

    this may very well be the worst slashdot story ever.

    This is nothing compared to the article on a "Cross-Platform Browser Bug: Java+JavaScript" I'm sure we'll see tomorrow.

  5. Re:trainwreck by Anonymous Coward · · Score: -1, Offtopic

    the AC below you just said that.

  6. Not to be a spelling nazi, but... by Anonymous Coward · · Score: -1, Offtopic

    Linux [l]users sux0rs!

    That's "sux0rz," d00d.

  7. Re:Then by Ken@WearableTech · · Score: 0, Offtopic

    You took it seriously and missed the point dumba;:

  8. Re:Then by Anonymous Coward · · Score: -1, Offtopic

    Infected-toenail boi who can't spell a friggin' THREE LETTER WORD gets "interesting". Spelling correction gets "troll".

    Yep, that's the Slashdot I know and love.

  9. Re:"Macintosh may also be vuln." by Anonymous Coward · · Score: -1, Offtopic

    i think "vuln" is the french word for "vagina".

  10. Re:WTF, over? by Anonymous Coward · · Score: -1, Offtopic

    no, here is a hole!