<<< Date Index >>>     <<< Thread Index >>>

Re: Sun Java Plugin arbitrary package access vulnerability



On Thu, 2004-11-25 at 05:00, Ken S wrote:
> For browsing to unknown
> sites, it would appear that there is no need to uninstall the older
> versions, unless there is a way for the javascript code to call a
> lower version of the JRE.   Hopefully, that's not possible.

Unfortunately it probably is; see
http://java.sun.com/products/plugin/versions.html#answers

In fact it may be possible to cause the download of a vulnerable
version, in some cases.
-- 
Peter Greenwood <peterg@xxxxxxxxxxxxxxxx>