Big Brother Awards
quintessenz search  /  subscribe  /  upload  /  contact  
/q/depesche *
/kampaigns
/topiqs
/doquments
/contaqt
/about
/handheld
/subscribe
RSS-Feed Depeschen RSS
Hosted by NESSUS
<<   ^   >>
Date: 1998-07-18

Boeses Sicherheits/loch im Navigator


-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

Wer Netscape ab 4.0 benützt, hat ein Sicherheits/problem.
Bösartige Java applets können die "security controls" des
Brausers ausschalten, womit er schutzlos gegen Angriffe
aller Arten ist.
Netscape spielt den Fall herunter, die Entdecker des Bugs
machen für die Unsicherheit auf Java's "security
architecture" zurück.
Nur für die 4.5 Betaversion des Navig/ & Communic/ator wurde
das Sicherheits/loch geflickt

-.-.- --.- -.-.- --.- -.-.- --.-
CNET NEWS.COM July 17, 1998, 12 p.m.

Just in the nick of time for its Communicator 4.5 beta
release, Netscape Communications has moved to fix a serious
security hole that affects certain versions of its Web
browser.

The flaw, discovered and brought to Netscape's attention by
the Secure Internet Programming group at Princeton
University, lets a malicious Java applet disable the
browser's security controls, leaving the user's computer
defenseless against attacks over the Internet.

"The potential consequences are as severe as they could be,"
said SIP director Edward Felten. "Once you penetrate the
security of the browser, then there isn't more protection.
Someone can write an applet that can seize control of the
victim's machine and delete or modify files, spread viruses,
or whatever."
...
While emphasizing that the company takes all security
breaches seriously, Netscape executives downplayed the
threat posed by this particular hole.
...
The flaw, which affects only versions 4.0x of Netscape's
Navigator browser, lies in the implementation of what are
called "class loaders" in the Java programming language.
These units load and put together classes, or units of Java
code, within the Java virtual machine (JVM), the software
that lets applications written in Java run on multiple
platforms.
...
While the flaw discovered in this case is specific to the
Navigator 4.0x browsers, Felten and his group lay much of
the blame with the Java security architecture.
...
Princeton's SIP notified Netscape last week about the hole,
and the company said it had patched the hole in time for the
beta release of Communicator 4.5. For those using
Communicator Versions 4.01 to 4.05, Netscape in the next few
weeks will post another revision of the 4.0x browser with
the hole patched.


Full text
http://www.news.com/News/Item/0,4,24335,00.html
http://www.news.com/News/Item/Textonly/0,25,24335,00.html?st.ne.ni.pfv
-.-.- --.- -.-.- --.- -.-.- --.-
TIP
Download free PGP 5.5.3i (Win95/NT & Mac)
http://keyserver.ad.or.at/pgp/download/

-.-.- --.- -.-.- --.- -.-.- --.-

- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 1998-07-18
comments to office@quintessenz.at
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<   ^   >>
Druck mich

BigBrotherAwards


Eintritt zur Gala
sichern ...



25. Oktober 2023
#BBA23
Big Brother Awards Austria
 CURRENTLY RUNNING
q/Talk 1.Juli: The Danger of Software Users Don't Control
Dr.h.c. Richard Stallman live in Wien, dem Begründer der GPL und des Free-Software-Movements
 
 !WATCH OUT!
bits4free 14.Juli 2011: OpenStreetMap Erfinder Steve Coast live in Wien
Wie OpenStreetMaps die Welt abbildet und was ein erfolgreiches Crowdsourcing Projekt ausmacht.