Serious New Java Flaw Affects All Browsers

Trailrunner7 writes "There is a serious vulnerability in Java that makes all current browsers vulnerable to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years. The problem lies in the Java Web Start framework, a technology that Sun Microsystems developed to enable the simplified deployment of Java applications. In essence, the JavaWS technology fails to validate parameters passed to it from the command line, and attackers can control those parameters using specific HTML tags on a Web page, researcher Ruben Santamarta said in an advisory posted Friday morning."

All browsers?

[K.+S.+Kyosuke]

Oh come, on. Shall I try it in Links? I've told you a million times that you're not supposed to overuse hyperboles.

Re:All browsers?

Perhaps, but if people have been getting bad java, they're going to need some ceramic parabolas right quick.

Re:All browsers?

[treeves]

Stick it in your latus rectum.

People have Java enabled in their browser?

[WindSword]

Wow! I never knew.

This is Javocalypse

Really.

Re:Guess it's time to uncheck that box

[AchilleTalon]

Well, I am mainly writing Web client applications in Java to gain unauthorized access to your desktop.

Re:New?

[Culture20]

[_] Enable computer power

The ultimately in security, I've done it!

I didn't see a "*($^#@$@^$&&&... NO CARRIER". I call shenanigans!

HURRY!!!

Both users of Java Web Start need to be contacted immediately!

Re:Article Contents

After all any geek here at /. can get a system fully running and tweaked nicely in a couple of hours, how long would it take to replace that only copy of your vacation photos, or that only copy of your late grandmother's last Xmas here on earth?

Backups.
Wanna hear somehing amazing? If your root/admin account is safe you can store those on the same computer!