RISKS: YANSF (Yet Another Netscape Security Flaw)
Steven Weller
stevenw at best.com
Sat May 18 01:25:59 PDT 1996
Reposted from RISKS:
----------------------------------------------------------------------
Date: Fri, 17 May 1996 17:11:34 -0400
From: Ed Felten <felten at CS.Princeton.EDU>
Subject: Netscape 2.02 RISK
SECURITY FLAW IN NETSCAPE 2.02
We have discovered an attack that allows a Java applet running under
Netscape Navigator 2.02 to generate and execute arbitrary machine code.
The attack combines a new security bug found by Tom Cargill with some ideas
previously discovered by the Princeton team. We have implemented a
demonstration applet that deletes a file. We are not yet releasing
technical details.
For more information, contact Ed Felten (felten at cs.princeton.edu,
609-258-5906), or see http://www.cs.princeton.edu/sip/News.html
Tom Cargill
Independent Consultant
http://www.csn.net/~cargill/
Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/
------------------------------
-------------------------------------------------------------------------
Steven Weller | Weller's three steps to Greatness:
| 1. See what others cannot
| 2. Think what others cannot
stevenw at best.com | 3. Express what others cannot
More information about the cypherpunks-legacy
mailing list