Re: May, 1996 Java/Netscape hole from Princeton team

To: www-security@ns2.rutgers.edu
Subject: Re: May, 1996 Java/Netscape hole from Princeton team
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Date: Mon, 20 May 1996 17:47:37 -0700
Organization: Hewlett-Packard Co.
References: <199605201351.IAA13974@is.rice.edu>
Reply-To: www-security@ns2.rutgers.edu

-----BEGIN PGP SIGNED MESSAGE-----

Prentiss Riddle wrote:
> 
> Yet another Java hole, if anyone's counting.  Forwarded from
> RISKS Digest 18.13.
> 
> -- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
> -- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
> --------------------------------------------------------------------------
> 
> > Date: Fri, 17 May 1996 17:11:34 -0400
> > From: Ed Felten <felten@CS.Princeton.EDU>
> > Subject: Netscape 2.02 RISK
> >
> > SECURITY FLAW IN NETSCAPE 2.02
> >
> > We have discovered an attack that allows a Java applet running under
> > Netscape Navigator 2.02 to generate and execute arbitrary machine code.
> > The attack combines a new security bug found by Tom Cargill with some ideas
> > previously discovered by the Princeton team.  We have implemented a
> > demonstration applet that deletes a file.  We are not yet releasing
> > technical details.
> >
> > For more information, contact Ed Felten (felten@cs.princeton.edu,
> > 609-258-5906), or see http://www.cs.princeton.edu/sip/News.htm
> >
> > Tom Cargill
> > Independent Consultant
> > http://www.csn.net/~cargill/
> >
> > Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
> > Dept. of Computer Science, Princeton University
> > http://www.cs.princeton.edu/sip/

The part about a demo applet that deletes a files got my attention.  Perhaps 
this has been posted already, but has Netscape 3.0 plugged this hole?

Gene

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaESYc4N33uf66GRAQG5WgQAnEp9b4iHukw2zAcMn/Vc54r6Jk0W01Ut
nDP8no0U37+hPZ3jspsaJWHLVKBMHstPnmP/L6c4uRQtsBUa+Oxbp/PopIaGI7A+
EFkTTS1G3x46iA2cRTW/5qsCFQHeFZg5mhFVQFOR56W42Dz6vGR+YR99CsX3efzH
Sxft1HoZejM=
=HCQO
-----END PGP SIGNATURE-----

-- 
``Imagine if every Thursday your shoes exploded if you tied them 
  the usual way. This happens to us all the time with computers, 
  and nobody thinks of complaining.''  -Jeff Raskin

   ______                  gene@cup.hp.com
  /\__  _\                   ingram@pubs.holosys.com
  \/_/\ \/     ___      __   _ __    __      ___ ___
     \ \ \   /' _ `\  /'_ `\/\`'__\/'__`\  /' __` __`\
      \_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
      /\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
      \/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
                        /\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint:  93 E1 15 E6 35 BC B2 84  B2 7B 39 76 29 72 32 72

--3D signature created courtesy of ``Figlet Ascii Font Converter''
  <http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>

Follow-Ups:

Re: May, 1996 Java/Netscape hole from Princeton team

From: mrm@doppio.Eng.Sun.COM (Marianne Mueller)

References:

May, 1996 Java/Netscape hole from Princeton team

From: Prentiss Riddle <riddle@is.rice.edu>

Previous: Re: NT Security (PERL)
Next: No Subject
Index(es):
- Index
- Thread