Date: Fri, 28 Jun 1996 11:27:31 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: kuku@gilberto.physik.rwth-aachen.de (Christoph P. Kukulies)
Cc: freebsd-questions@freefall.freebsd.org
Subject: Re: java script and security violation message
Message-ID: <199606281827.LAA08210@phaeton.artisoft.com>
In-Reply-To: <199606281105.NAA18849@gilberto.physik.rwth-aachen.de> from "Christoph P. Kukulies" at Jun 28, 96 01:05:48 pm

> Yesterday I browsed some web sites in Germany from my home machine
> (2.2-current) using netscape (not sure whether it was 2.0 or 3.0b4).
>
> Anyway I got an alert box several times saying something of
> security violation in Java script line xxx.
>
> It looked a bit like I had to be concerned about it. What does it mean?
> Is it a security issue? BTW, I was root while doing this - maybe not
> a good idea to run netscape while being root anyway.

There are several well known holes in JAVA. One of them uses a two
system user environment attack: it takes advantage of known variables
in shared scoping to hack you.

This is the kind of bug that was fixed in Netscape 3.0b3 and 3.0b4
(at the same time, these "sparse space" IPC facilities were what
enabled the JDK to operate, so unless you run 3.0b2, you can't run
the JDK).

Search Yahoo for "JAVA security". There are several "crack
demonstration pages" you can play with.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.