Bugtraq mailing list archives

Re: Sun Java Plugin arbitrary package access vulnerability

From: Peter Greenwood <peterg () reel demon co uk>
Date: Thu, 25 Nov 2004 18:02:42 +0000

On Thu, 2004-11-25 at 05:00, Ken S wrote:

For browsing to unknown
sites, it would appear that there is no need to uninstall the older
versions, unless there is a way for the javascript code to call a
lower version of the JRE.   Hopefully, that's not possible.


Unfortunately it probably is; see
http://java.sun.com/products/plugin/versions.html#answers

In fact it may be possible to cause the download of a vulnerable
version, in some cases.
-- 
Peter Greenwood <peterg () reel demon co uk>

Current thread:

Sun Java Plugin arbitrary package access vulnerability Jouko Pynnonen (Nov 23)
- Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 23)
- Re: Sun Java Plugin arbitrary package access vulnerability Alla Bezroutchko (Nov 25)
  - Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability Exchange (Nov 25)
  - Rumours about Opera Marc Schoenefeld (Nov 25)
- <Possible follow-ups>
- Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 25)
  - Re: Sun Java Plugin arbitrary package access vulnerability Peter Greenwood (Nov 25)