[4718] in WWW Security List Archive
Re: Latest Java hole is Netscape/Sun only
daemon@ATHENA.MIT.EDU (Bob Denny)
Fri Mar 7 21:06:56 1997
From: "Bob Denny" <rdenny@dc3.com>
Date: Fri, 7 Mar 1997 16:23:13 -0800
In-Reply-To: Thomas Reardon <thomasre@microsoft.com>
"Latest Java hole is Netscape/Sun only" (Mar 7, 9:56)
To: "'WWW Security List'" <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Mar 7, Thomas Reardon (Microsoft) wrote:
> Subject: Latest Java hole is Netscape/Sun only
> http://www.microsoft.com/security/
>
> just a quick note that the VM bug affects only Netscape and Sun
> implementations. that means IE for Windows is ok, but IE for Mac (Sun's
> VM) is vulnerable. we're off the hook for once this week ;)
I just had to say this... the hole found in Java exposes Java to the level of
capability control that is intrinsic in ActiveX, nothing. Now that Java has
code signing, it has both parts of a real security policy, the who _and_ the
what. ActiveX has only the who.
-- Bob
