Bugtraq mailing list archives
Netscape's Java Security Hole
From: chris () RITC CO UK
Date: Sun, 6 Aug 2000 15:57:00 +0100
Hi all, This probably isn't ripe for release yet, given that Netscape hasn't fixed it yet, but unfortunately the whole world knows about it now that it's been on SlashDot. Basically, an unsigned Java applet in Netscape can read any file on the system AND act as a web server, serving those files to anywhere in the world. This is due to a bug in Java and a bug in Netscape. http://www.brumleve.com/BrownOrifice/ Ciao, Chris. ___ __ _ / __// / ,__(_)_ | Chris Wilson <chris () ritc co uk> | Phone: 01223 503 190 | / (_ / ,\/ _/ /_ \ | Unix Systems & Network Engineer | RITC (Cambridge) Ltd | \ _//_/_/_//_/___/ +-- Perl/C/Web/Java Programming --+ Cambridge CB3 0DG UK |
Current thread:
- Netscape's Java Security Hole chris (Aug 07)