[Previous] [Next] [Index]
[Thread]
Re: May, 1996 Java/Netscape hole from Princeton team
-----BEGIN PGP SIGNED MESSAGE-----
Prentiss Riddle wrote:
>
> Yet another Java hole, if anyone's counting. Forwarded from
> RISKS Digest 18.13.
>
> -- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
> -- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
> --------------------------------------------------------------------------
>
> > Date: Fri, 17 May 1996 17:11:34 -0400
> > From: Ed Felten <felten@CS.Princeton.EDU>
> > Subject: Netscape 2.02 RISK
> >
> > SECURITY FLAW IN NETSCAPE 2.02
> >
> > We have discovered an attack that allows a Java applet running under
> > Netscape Navigator 2.02 to generate and execute arbitrary machine code.
> > The attack combines a new security bug found by Tom Cargill with some ideas
> > previously discovered by the Princeton team. We have implemented a
> > demonstration applet that deletes a file. We are not yet releasing
> > technical details.
> >
> > For more information, contact Ed Felten (felten@cs.princeton.edu,
> > 609-258-5906), or see http://www.cs.princeton.edu/sip/News.htm
> >
> > Tom Cargill
> > Independent Consultant
> > http://www.csn.net/~cargill/
> >
> > Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
> > Dept. of Computer Science, Princeton University
> > http://www.cs.princeton.edu/sip/
The part about a demo applet that deletes a files got my attention. Perhaps
this has been posted already, but has Netscape 3.0 plugged this hole?
Gene
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMaESYc4N33uf66GRAQG5WgQAnEp9b4iHukw2zAcMn/Vc54r6Jk0W01Ut
nDP8no0U37+hPZ3jspsaJWHLVKBMHstPnmP/L6c4uRQtsBUa+Oxbp/PopIaGI7A+
EFkTTS1G3x46iA2cRTW/5qsCFQHeFZg5mhFVQFOR56W42Dz6vGR+YR99CsX3efzH
Sxft1HoZejM=
=HCQO
-----END PGP SIGNATURE-----
--
``Imagine if every Thursday your shoes exploded if you tied them
the usual way. This happens to us all the time with computers,
and nobody thinks of complaining.'' -Jeff Raskin
______ gene@cup.hp.com
/\__ _\ ingram@pubs.holosys.com
\/_/\ \/ ___ __ _ __ __ ___ ___
\ \ \ /' _ `\ /'_ `\/\`'__\/'__`\ /' __` __`\
\_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
/\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
\/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
/\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
--3D signature created courtesy of ``Figlet Ascii Font Converter''
<http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>
Follow-Ups:
References: