Full Disclosure mailing list archives
Re: Java Deployment Toolkit Performs Insufficient Validation of Parameters
From: Nick Boyce <nick.boyce () gmail com>
Date: Sat, 17 Apr 2010 03:56:48 +0100
On Fri, Apr 9, 2010 at 12:08 PM, Tavis Ormandy <taviso () sdf lonestar org> wrote:
> ------------------- Mitigation -----------------------
> [...]
> - Mozilla Firefox and other NPAPI based browser users can be protected using File System ACLs to prevent access to npdeploytk.dll.

Just for the record (since I had to go hunting to find out), Giorgio Maone says NoScript will protect Firefox users (so long as you haven't whitelisted the relevant website for other purposes):
http://forums.informaction.com/viewtopic.php?f=8&t=4207

As a lot of folks are concluding, it's better to just uninstall Java altogether (at least till Soracle sorts out the various appalling design decisions they seem to have made with this product), but some of us are stuck with workstations that need Java installed for one reason or another.

Cheers
Nick
--
Leave the Olympics in Greece, where they belong.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/