[Previous] [Next] [Index]
[Thread]
Re: Java/Netscape security holes: hole du jour and summary
Prentiss Riddle wrote:
>
> Forwarded from RISKS Digest 18.08.
>
> Note that Netscape Navigator 3.0b is out now, with no indication that
> Java holes found in 2.01 have been closed in 3.0b. See:
>
> http://www.mcom.com/comprod/products/navigator/version_3.0/index.htm
> http://home.netscape.com/eng/mozilla/3.0/relnotes/unix-3.0b3.htm
>
> -- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
> -- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
> -- Home office: 2002-A Guadalupe St. #285, Austin, TX 78705 / 512-323-0708
> --------------------------------------------------------------------------
>
> | Date: Sun, 28 Apr 1996 03:42:49 +0000 (BST)
> | From: David Hopwood <david.hopwood@lady-margaret-hall.oxford.ac.uk>
> | Subject: Another way to run native code from Java applets
> |
> | In addition to the security bug found by Drew Dean, Ed Felten and Dan
> | Wallach in March, there is another way to run native code from a Java
> | applet, which will require a separate fix to the current versions of
> | Netscape (2.01 and Atlas PR2) and Sun's Java Development Kit (1.01).
If you look at Hopwood's web site now, you will see that the bug in
question is actually fixed in PR2.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Follow-Ups:
References: