Secure Internet Programming
Java Security Flaws (March 1996)
We have discovered another serious security flaw in the Java programming language, which allows a malicious Java applet running under Netscape Navigator (version 2.0 or 2.01) to execute arbitrary machine code. We have implemented an applet that exploits the flaw to remove a file. Until a fix is issued, Netscape users can only protect themselves by disabling Java in the Security Preferences dialog.

At present we are not releasing full technical details about the flaw. We will announce the full details later; some of the details are also in our paper analyzing the security of Java, "Java Security: From HotJava to Netscape and Beyond", in the 1996 IEEE Symposium on Security and Privacy.

[Note that the "security enhancements" announced by Netscape in version 2.01 of Netscape Navigator do not fix this flaw. They fix two separate flaws found earlier, one found by us and independently by Steve Gibbons, and the other found by David Hopwood.]


Princeton University
Department of Computer Science
Contact: sip@cs.princeton.edu