Secure Internet Programming
Java Security Flaws (March 1996 / Details)
We have discovered a serious security flaw in the Java programming language. This flaw exposes users of the Netscape Navigator web browser to a risk of having their machine compromised; for example, their data files could be read, deleted, or corrupted. We have been able to exploit this flaw to successfully attack a machine in our own laboratory.

Users can protect themselves from this risk by disabling Java until the flaw is fixed. To disable Java, choose "Security Preferences" from the "Options" menu in Netscape, then click the "Disable Java" box.

Java is designed to allow an executable computer program, called an applet, to be attached to a page in the World Wide Web. When a user browsing the Web visits that page, the applet is automatically downloaded into the user's machine and executed.

The flaw we discovered allows a malicious applet to generate and execute raw machine code. This means that the malicious applet can perform any action that the victim can legally perform; for example, it can read, delete, or corrupt the victim's files. Since applets are loaded and run automatically as a side-effect of visiting a Web page, the result is that an unscrupulous person could "booby-trap" his Web page so that anyone visiting the page has his machine compromised. A malicious applet could spread like a virus by attaching itself to the Web pages of its victims, thus making it difficult to trace the original source of the attack.

At present we are not releasing technical details about the flaw, in order to prevent unscrupulous persons from exploiting it. We will announce the full details later; some of the details also appear in our paper analyzing the security of Java, "Java Security: From HotJava to Netscape and Beyond", in the 1996 IEEE Symposium on Security and Privacy.

The existence of security flaws in Java does not imply that other, competing systems are more secure. We chose to study Java because it is the best-known system for attaching programs to Web pages. We suspect that if competing systems were subjected to the same level of scrutiny, they would also be found to have flaws. Building a secure mechanism for embedding executable programs in Web pages is an extremely difficult task.

[Note that the "security enhancements" announced by Netscape in version 2.01 of Netscape Navigator do not fix this flaw. They fix two separate flaws found previously, one found by us and independently by Steve Gibbons, and the other found by David Hopwood.]


Princeton University
Department of Computer Science
Contact: sip@cs.princeton.edu