Bugtraq mailing list archives
Re: Sun Java Plugin arbitrary package access vulnerability
From: Peter Greenwood <peterg () reel demon co uk>
Date: Thu, 25 Nov 2004 18:02:42 +0000
On Thu, 2004-11-25 at 05:00, Ken S wrote:
For browsing to unknown sites, it would appear that there is no need to uninstall the older versions, unless there is a way for the javascript code to call a lower version of the JRE. Hopefully, that's not possible.
Unfortunately it probably is; see http://java.sun.com/products/plugin/versions.html#answers In fact it may be possible to cause the download of a vulnerable version, in some cases. -- Peter Greenwood <peterg () reel demon co uk>
Current thread:
- Sun Java Plugin arbitrary package access vulnerability Jouko Pynnonen (Nov 23)
- Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 23)
- Re: Sun Java Plugin arbitrary package access vulnerability Alla Bezroutchko (Nov 25)
- Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability Exchange (Nov 25)
- Rumours about Opera Marc Schoenefeld (Nov 25)
- <Possible follow-ups>
- Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 25)
- Re: Sun Java Plugin arbitrary package access vulnerability Peter Greenwood (Nov 25)