Sun and Netscape fix Java-Navigator flaw
From PC Week for October 16, 1995 by Michael Moeller
Netscape Communications Corp. has identified a flaw in Sun Microsystems Inc.'s Java development language that caused a security hole in Netscape's Navigator 2.0 Internet browser. The flaw left open the possibility for corrupted files or viruses to be downloaded over the Internet to a host PC.

Netscape officials, in Mountain View, Calif., said the problem occurred when porting Java to the Netscape platform. Sun, also based in Mountain View, issued a fix that performs a tighter security scan of Java applets, or portions of code.

Sun officials said no users were affected by the security flaw. The company is beta testing Java now, and the final version is scheduled to be released next month.

Ironically, Java was designed as a secure development language to prevent users from contracting a virus when downloading an application over the Internet. With Java, World-Wide Web application developers can create applets that are turned into full-scale application code once downloaded by a Java-enabled browser. A security feature in Java scans for viruses before activating the applet. Java applications are designed to be run within the secure environment of a Java-enabled browser.

When Java was ported to Netscape, one of the security features "fell through the cracks," said Arthur van Hoff, senior staff engineer at Sun and a principal architect of Java. As a result, a user could have downloaded a corrupt applet that could have continued to function outside the secure environment of the browser shell and infected other programs on a user's computer.

Netscape has since released two new versions of its Navigator 2.0 browser for beta testing, one with Java support and one without. However, Netscape officials said that once the browser is released in mid-December, all versions of Navigator 2.0 will be Java-enabled.