Java Plug-In Security Vulnerability Fixed

If you haven’t already made the leap to Java 5.0, you’ll want to at least update the version you’re using. The just-released versions 1.4.2_06 and 1.3.1_13 plug a security hole in the Java Plug-In for Windows, Linux, and Solaris, whereby a malicious applet may gain access to your local file system and do evil things. Java 5.0 is not affected.

The official vulnerability report from Sun contains a pointer to a more technical explanation of the vulnerability.

Hopefully Sun will put the update on and the automatic Java Update system soon. They seem to be dragging their heels a little, perhaps as a “soft launch” to ensure the update doesn’t produce any serious side effects.


Category: java Time: 2004-11-24
