[4730] in WWW Security List Archive
RE: Latest Java hole is Netscape/Sun only
daemon@ATHENA.MIT.EDU (Tony)
Sun Mar 9 13:41:57 1997
Date: Sun, 9 Mar 1997 11:31:37 -0500 (EST)
From: Tony <tony@yoss.canweb.net>
To: Thomas Reardon <thomasre@microsoft.com>
cc: "'schemers@stanford.edu'" <schemers@stanford.edu>,
"'WWW Security List'" <WWW-SECURITY@ns2.rutgers.edu>
In-Reply-To: <199703082317.SAA17413@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
I was wondering if any one knows where I can get more specific information
about the newest of the bugs that has been discovered. I am making
referance to the MIT discovery. Your help is appreciated.
Thanks,
Tony Varriano
tony@canew.net
-----------------------------------------
On Sat, 8 Mar 1997, Thomas Reardon wrote:
> As far as I understand, the IE3.01 (shipping since 10/96) should not be
> vulnerable to the recent Java attack. The MIT issue is separate but
> painful. It is the third in a series of bugs involving the 'out of
> band' downloader, that is the code in IE that handles downloading of
> objects that are not handled internally by the browser. We expect to
> ship a comprehensive fix for the downloader shortly, rather than a bunch
> of one-off patches.
>
> -Thomas
>
> > -----Original Message-----
> > From: schemers@stanford.edu [SMTP:schemers@stanford.edu]
> > Sent: Friday, March 07, 1997 11:24 PM
> > To: Thomas Reardon
> > Cc: 'WWW Security List'
> > Subject: Re: Latest Java hole is Netscape/Sun only
> >
> > Thomas Reardon writes:
> > > http://www.microsoft.com/security/
> > >
> > > just a quick note that the VM bug affects only Netscape and Sun
> > > implementations. that means IE for Windows is ok, but IE for Mac
> > (Sun's
> > > VM) is vulnerable. we're off the hook for once this week ;)
> > >
> >
> > vulnerable to a theoritical attack, that is. Which version of IE is
> > ok?
> > There have been at least 3 IE security holes reported this week,
> > including
> > another one today by some folks from MIT (see www.news.com).
> >
> > roland
> >
>
