Date: Sat, 29 Jun 1996 10:13:46 +0200 (MET DST)
From: "Christoph P. Kukulies" <kuku@gilberto.physik.rwth-aachen.de>
To: terry@lambert.org (Terry Lambert)
Cc: kuku@gilberto.physik.rwth-aachen.de, freebsd-questions@freefall.freebsd.org
Subject: Re: java script and security violation message
Message-ID: <199606290813.KAA22326@gilberto.physik.rwth-aachen.de>
In-Reply-To: <199606281827.LAA08210@phaeton.artisoft.com> from Terry Lambert at "Jun 28, 96 11:27:31 am"

> > Yesterday I browsed some web sites in Germany from my home machine
> > (2.2-current) using netscape (not sure whether it was 2.0 or 3.0b4).
> >
> > Anyway I got an alert box several times saying something of
> > security violation in Java script line xxx.
> >
> > It looked a bit like I had to be concerned about it. What does it mean?
> > Is it a security issue? BTW, I was root while doing this - maybe not
> > a good idea to run netscape while being root anyway.
>
> There are several well known holes in JAVA. One of them uses a two
> system user environment attack: it takes advantage of known variables
> in shared scoping to hack you.
>
> This is the kind of bug that was fixed in Netscape 3.0b3 and 3.0b4
> (at the same time, these "sparse space" IPC facilities were what
> enabled the JDK to operate, so unless you run 3.0b2, you can't run
> the JDK).

I checked once again, it was 3.0b4 I was using.

>
> Search Yahoo for "JAVA security". There are several "crack demonstration
> pages" you can play with.
>
>
> Terry Lambert
> terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
>

--Chris

Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606290813.KAA22326>