
java flaw

Sun and Netscape fix Java-Navigator flaw

From PC Week for October 16, 1995 by Michael Moeller

Netscape Communications Corp. has identified a flaw in Sun Microsystems
Inc.'s Java development language that caused a security hole in
Netscape's Navigator 2.0 Internet browser.

The flaw left open the possibility for corrupted files or viruses to be
downloaded over the Internet to a host PC.

Netscape officials, in Mountain View, Calif., said the problem occurred
when porting Java to the Netscape platform.

Sun, also based in Mountain View, issued a fix that performs a tighter
security scan of Java applets, or portions of code. Sun officials said
no users were affected by the security flaw.

The company is beta testing Java now, and the final version is scheduled
to be released next month.

Ironically, Java was designed as a secure development language to
prevent users from contracting a virus when downloading an application
over the Internet.

With Java, World-Wide Web application developers can create applets that
are turned into full-scale application code once downloaded by a Java-
enabled browser.

A security feature in Java scans for viruses before activating the

Java applications are designed to be run within the secure environment
of a Java-enabled browser.

When Java was ported to Netscape, one of the security features "fell
through the cracks," said Arthur van Hoff, senior staff engineer at Sun
and a principal architect of Java.

As a result, a user could have downloaded a corrupt applet that could
have continued to function outside the secure environment of the browser
shell and infected other programs on a user's computer.

Netscape has since released two new versions of its Navigator 2.0
browser for beta testing, one with Java support and one without.

However, Netscape officials said that once the browser is released in
mid-December, all versions of Navigator 2.0 will be Java-enabled.
