Netscape - Java Vulnerability

*urban* · 08-10-2000, 11:27 AM

Quote:

This vulnerability allows a hostile web site to start a server process on the browser system. That server can access arbitrary files on the browser system and locally connected networks through "file:" URLs.

All versions of Netscape Navigator and Netscape Communicator versions 4.74 and earlier are vulnerable when Java is enabled.

http://www.ciac.org/ciac/bulletins/k-063.shtml
.
[This message has been edited by urban (edited 08-10-00@11:27 am)]

*sheila* · 08-11-2000, 12:56 AM

I was reading some commentary on this topic yesterday in netscape.public. general, and the author of one article said that IE5.5 also has this vulnerability, and that one had to go back to Netscape 4.08 or any of the 4.0x releases of Netscape would not have it.

This doesn't agree with the article you posted, it seems to me.