Java/Script Alert: Cross-Platform Browser Vulnerability
Ant writes "Synopsis: Opera, Mozilla & Netscape with JavaScript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected."
Update: 06/08 23:56 GMT by H: The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability.
Update: 06/09 00:56 GMT by T: According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)
...you would probably find
int fo_sheezy;
char wassup;
double dawg;
float homie_g;
void homies(int truedat)
{
}
Whether the Java VM or the browser is at fault it does not matter - the net effect to the user is the same - the JVM runs untrusted code. If your personal information was stolen, would you take pride in the fact that the JVM sandbox model did not fail, per se, but its security was simply circumvented?