[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RISKS: YANSF (Yet Another Netscape Security Flaw)

To: [email protected]
Subject: RISKS: YANSF (Yet Another Netscape Security Flaw)
From: [email protected] (Steven Weller)
Date: Fri, 17 May 1996 18:55:57 -0800
Sender: [email protected]

Reposted from RISKS:

----------------------------------------------------------------------

Date: Fri, 17 May 1996 17:11:34 -0400
From: Ed Felten <[email protected]>
Subject: Netscape 2.02 RISK

SECURITY FLAW IN NETSCAPE 2.02

We have discovered an attack that allows a Java applet running under
Netscape Navigator 2.02 to generate and execute arbitrary machine code.
The attack combines a new security bug found by Tom Cargill with some ideas
previously discovered by the Princeton team.  We have implemented a
demonstration applet that deletes a file.  We are not yet releasing
technical details.

For more information, contact Ed Felten ([email protected],
609-258-5906), or see http://www.cs.princeton.edu/sip/News.html

Tom Cargill
Independent Consultant
http://www.csn.net/~cargill/

Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
[email protected]                   |     3. Express what others cannot

Prev by Date: Re: SEVERE undercapacity, we need more remailer servers FAST
Next by Date: "Too cheap to meter"
Prev by thread: Re: Spending a year dead for tax purposes
Next by thread: "Too cheap to meter"
Index(es):
- Date
- Thread