Serious New Java Flaw Affects All Browsers

Trailrunner7 writes "There is a serious vulnerability in Java that makes all current browsers vulnerable to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years. The problem lies in the Java Web Start framework, a technology that Sun Microsystems developed to enable the simplified deployment of Java applications. In essence, the JavaWS technology fails to validate parameters passed to it from the command line, and attackers can control those parameters using specific HTML tags on a Web page, researcher Ruben Santamarta said in an advisory posted Friday morning."

All browsers?

[K.+S.+Kyosuke]

Oh come, on. Shall I try it in Links? I've told you a million times that you're not supposed to overuse hyperboles.

Re:All browsers?

Perhaps, but if people have been getting bad java, they're going to need some ceramic parabolas right quick.

Re:All browsers?

[treeves]

Stick it in your latus rectum.

People have Java enabled in their browser?

[WindSword]

Wow! I never knew.

Re:Guess it's time to uncheck that box

[AchilleTalon]

Well, I am mainly writing Web client applications in Java to gain unauthorized access to your desktop.

Re:New?

[Culture20]

[_] Enable computer power

The ultimately in security, I've done it!

I didn't see a "*($^#@$@^$&&&... NO CARRIER". I call shenanigans!

HURRY!!!

Both users of Java Web Start need to be contacted immediately!