Re: Sun Java Plugin arbitrary package access vulnerability
On Thu, 2004-11-25 at 05:00, Ken S wrote:
> For browsing to unknown
> sites, it would appear that there is no need to uninstall the older
> versions, unless there is a way for the javascript code to call a
> lower version of the JRE. Hopefully, that's not possible.
Unfortunately it probably is; see
http://java.sun.com/products/plugin/versions.html#answers
In fact it may be possible to cause the download of a vulnerable
version, in some cases.
--
Peter Greenwood <peterg@xxxxxxxxxxxxxxxx>