Slashdot Mirror


Java/Script Alert: Cross-Platform Browser Vulnerability

Ant writes "Synopsis: Opera, Mozilla & Netscape with JavaScript enabled are vulnerable to remote command execution. This has been tested on Microsoft, and many many Unices. Macintosh may also be vuln. Ironically enough, IE is unaffected." Update: 06/08 23:56 GMT by H : The problem seems to be one in the Java security model itself; but the evidence seems to be that if you turn off JavaScript, you turn off the vulnerability. Update: 06/09 00:56 GMT by T : According to this followup message from Mozilla security group member Daniel Veditz, the problem is actually one that's already been fixed in Mozilla 1.3, and not a remote command execution vulnerability at all. (Thanks to reader Jared Klett and others.)

12 of 314 comments

  1. All the more reason to avoid ALL java by Anonymous Coward · · Score: -1, Troll

    All the more reason to avoid all JAVA. For the most part, if it can't be done with HTML, don't do it. No need to clutter up screens with all those Java bug crashes.

  2. Har Har by Anonymous Coward · · Score: -1, Troll

    It's so typical of open source browsers to have all these gaping security holes. They're just after money these days. What an evil group of geeks.

    HARHARHAR, let the 'nix bashing commence. The tables have turned. I've been waiting forever!

  3. If you saw this guy's other programs... by rasafras · · Score: 0, Troll

    ...you would probably find

    int fo_sheezy;
    char wassup;
    double dawg;
    float homie_g;

    void homies(int truedat)
    {
    }

  4. Re:Eh? by Anonymous Coward · · Score: -1, Troll

    On Soviet Slashdot, YOU pay editors to report their dupes!

  5. Update number 3 by Anonymous Coward · · Score: -1, Troll

    My cock is dragging on the floor, help me!! someone cut it loose!

  6. Re:Then by Anonymous Coward · · Score: -1, Troll

    C: Stop engaging in toe-sex with skanks who don't douche on a regular basis. That will avoid the stinking puss problem.

    Hint: It's "pus", not "puss".

  7. "Brown Orifice" by Anonymous Coward · · Score: -1, Troll

    I'm thinking that searching on Google might bring up different results for "brown orifice", of the click-here-its-goatse kind...

  8. Re:WTF, over? by Anonymous Coward · · Score: -1, Troll

    No--fuck YOU asshat!

  9. Exactly - Java VM is fooled to run bad code by Anonymous Coward · · Score: 0, Troll

    Whether the Java VM or the browser is at fault it does not matter - the net effect to the user is the same - the JVM runs untrusted code. If your personal information was stolen would you take pride in the fact that the JVM sandbox model did not fail, per se, but its security was simply circumvented?

  10. Re:Ex-Squeeze-Me?! by Anonymous Coward · · Score: -1, Troll

    Why don't you fucking just shut up.

    You're really annoying heralding your "everything is fine" banner. Let the big boys talk now troll/script-kiddy... this is no time for being in denial.

  11. mozilla sucks by Anonymous Coward · · Score: -1, Troll

    mozilla sucks

  12. Re:WTF, over? by Anonymous Coward · · Score: -1, Troll

    developers, plug your holes