[2119] in WWW Security List Archive
May, 1996 Java/Netscape hole from Princeton team
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Mon May 20 12:00:38 1996
From: Prentiss Riddle <riddle@is.rice.edu>
To: www-security@ns2.rutgers.edu
Date: Mon, 20 May 1996 08:51:20 -0500 (CDT)
Errors-To: owner-www-security@ns2.rutgers.edu
Yet another Java hole, if anyone's counting. Forwarded from
RISKS Digest 18.13.
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
--------------------------------------------------------------------------
> Date: Fri, 17 May 1996 17:11:34 -0400
> From: Ed Felten <felten@CS.Princeton.EDU>
> Subject: Netscape 2.02 RISK
>
> SECURITY FLAW IN NETSCAPE 2.02
>
> We have discovered an attack that allows a Java applet running under
> Netscape Navigator 2.02 to generate and execute arbitrary machine code.
> The attack combines a new security bug found by Tom Cargill with some ideas
> previously discovered by the Princeton team. We have implemented a
> demonstration applet that deletes a file. We are not yet releasing
> technical details.
>
> For more information, contact Ed Felten (felten@cs.princeton.edu,
> 609-258-5906), or see http://www.cs.princeton.edu/sip/News.html
>
> Tom Cargill
> Independent Consultant
> http://www.csn.net/~cargill/
>
> Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
> Dept. of Computer Science, Princeton University
> http://www.cs.princeton.edu/sip/
