Re: Sun Java Plugin arbitrary package access vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Sun Java Plugin arbitrary package access vulnerability
From: Ken S <ken.securitylist@xxxxxxxxx>
Date: Wed, 24 Nov 2004 23:00:30 -0600
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=G3ao2Bksq335c4BDXyoXLYq3MRn7Kisd5OT8xRjV533JCUyeWb3kDbnBEe+MLnsO5vpbvucUcBO4/tdPIUHMI6TQdkVy2BIUbvi2fD40iUSJj829kBsP0ylRO62dS0BwUkUgl4Px2U45ep8kcNWLlOuH5c317NqN64cQlDt1XRs=
In-reply-to: <200411241859.iAOIxvDP000794@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200411241859.iAOIxvDP000794@xxxxxxxxxxxx>
Reply-to: Ken S <ken.securitylist@xxxxxxxxx>

After installing a new version of the JRE on two machines, IE and
Firefox both report the plug-in as 1.4.2_06.  For browsing to unknown
sites, it would appear that there is no need to uninstall the older
versions, unless there is a way for the javascript code to call a
lower version of the JRE.   Hopefully, that's not possible.

Follow-Ups:
- Re: Sun Java Plugin arbitrary package access vulnerability
  - From: Peter Greenwood

Prev by Date: Re: Sun Java Plugin arbitrary package access vulnerability
Next by Date: Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
Previous by thread: Rumours about Opera
Next by thread: Re: Sun Java Plugin arbitrary package access vulnerability
Index(es):
- Date
- Thread