[4797] in WWW Security List Archive
RE: Latest Java hole is Netscape/Sun only
daemon@ATHENA.MIT.EDU (Thomas Reardon)
Thu Mar 13 11:42:06 1997
From: Thomas Reardon <thomasre@microsoft.com>
To: "'schemers@stanford.edu'" <schemers@stanford.edu>
Cc: "'WWW Security List'" <WWW-SECURITY@ns2.rutgers.edu>
Date: Sat, 8 Mar 1997 15:18:57 -0800
Errors-To: owner-www-security@ns2.rutgers.edu
As far as I understand, the IE3.01 (shipping since 10/96) should not be
vulnerable to the recent Java attack. The MIT issue is separate but
painful. It is the third in a series of bugs involving the 'out of
band' downloader, that is the code in IE that handles downloading of
objects that are not handled internally by the browser. We expect to
ship a comprehensive fix for the downloader shortly, rather than a bunch
of one-off patches.
-Thomas
> -----Original Message-----
> From: schemers@stanford.edu [SMTP:schemers@stanford.edu]
> Sent: Friday, March 07, 1997 11:24 PM
> To: Thomas Reardon
> Cc: 'WWW Security List'
> Subject: Re: Latest Java hole is Netscape/Sun only
>
> Thomas Reardon writes:
> > http://www.microsoft.com/security/
> >
> > just a quick note that the VM bug affects only Netscape and Sun
> > implementations. that means IE for Windows is ok, but IE for Mac
> (Sun's
> > VM) is vulnerable. we're off the hook for once this week ;)
> >
>
> vulnerable to a theoritical attack, that is. Which version of IE is
> ok?
> There have been at least 3 IE security holes reported this week,
> including
> another one today by some folks from MIT (see www.news.com).
>
> roland
>
