Wilders Security Forums  

#1
June 14th, 2005, 11:24 AM
ronjor (Global Moderator)
Join Date: Jul 2003
Location: Texas
Posts: 46,180
Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

Quote:
Highly critical

Secunia
#2
June 14th, 2005, 12:03 PM
MikeBCda (Very Frequent Poster)
Join Date: Jan 2004
Location: southern Ont. Canada
Posts: 1,535
Re: Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

If I'm reading that right, it was fixed in JRE 1.5 (or 5.0, their numbering confuses me) Update 2, which has been available many months now.
__________________
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-10, Firefox 21.0 (default). 320 gig HD, 6Mb DSL, Win firewall, Avast 8.0.1489 free, SpywareBlaster, MBAM
---
My name is Any Key. Please don't hit me.
#3
June 14th, 2005, 12:06 PM
GlobalForce (Regular Poster)
Join Date: Jun 2004
Location: Garden State, USA
Posts: 3,581
Re: Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

Good call Ron! I've always had suspicions about unauthorized applet starts.

GF
__________________
"No matter what, no matter where ~ it's always home when love is there!"
#4
June 14th, 2005, 12:16 PM
ronjor (Global Moderator)
Join Date: Jul 2003
Location: Texas
Posts: 46,180
Re: Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

Quote:
Originally Posted by MikeBCda
If I'm reading that right, it was fixed in JRE 1.5 (or 5.0, their numbering confuses me) Update 2, which has been available many months now.

Their numbering system can get confusing. I'm using the 1.4.xxx versions.
#5
June 14th, 2005, 02:21 PM
diginsight (Security Expert)
Join Date: Feb 2002
Location: Netherlands
Posts: 228
Re: Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

I wonder why Sun keeps insisting on pushing Java Web Start with the JRE, while I see no use for it and it has had its load of vulnerabilities. The only way to remove the damn thing is by deleting the javaws folder.
#6
June 14th, 2005, 05:04 PM
snowieone
Posts: n/a
Re: Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

THIS ISSUE WAS FIXED BUT IF YOU DISLIKE WEBSTART JUST>

To work around the described issue, disable Java Web Start applications from being launched from a web browser as follows:

For Internet Explorer:

1. Right click on the "Start" button and select "Explore"
2. In the "Start Menu" window, select "Tools" => "Folder Options"
3. From the "Folder Options" window, select the "File Types" tab
4. From the "Registered File Types" window, scroll down and locate the "JNLP - JNLP File"
5. Select the "JNLP - JNLP File" and click the "Delete" button

For Mozilla:

1. Select "Preferences" under the browser's "Edit" menu
2. In the "Preferences" window, select "Helper Applications" located under the "Navigator" category
3. Under "Files types", scroll down and locate "application/x-java-jnlp-file"
4. Select "application/x-java-jnlp-file" and click the "Remove" button

Notes:

1. On Microsoft Windows, applications may also be launched from the desktop icon or Start Menu if a shortcut was previously created for an application. Unknown applications should not be launched through the desktop icon or the Start Menu. Shortcuts can be removed by using the Java Web Start Application Manager through the "Application/Remove Shortcut" menu item.
#7
June 14th, 2005, 06:12 PM
diginsight (Security Expert)
Join Date: Feb 2002
Location: Netherlands
Posts: 228
Re: Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability

Hi snowieone,

Thanks for this solution. It's much more elegant and scriptable than just deleting the entire javaws folder. I already discovered how to remove the desktop icon using an installation script.

Now I still have to verify it doesn't recreate these keys after updating JRE.
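
A read-only check for the verification step mentioned in the last post, as an added example that is not part of the thread or of the vendor's workaround text: it reports whether a handler for `.jnlp` files and the `application/x-java-jnlp-file` content type are registered, for instance after a JRE update. It assumes the file type is stored under HKEY_CLASSES_ROOT in the usual Windows layout (an extension key naming a ProgID that has a `shell\open\command`); the function names are hypothetical, and Mozilla's own helper-application settings are not inspected.

```powershell
# Added example (not from the thread): read-only audit of the JNLP association.
# The .NET registry API is used because the MIME key name contains '/',
# which the PowerShell registry provider would treat as a path separator.

function Get-ClassesRootValue {
    param([string]$SubKey, [string]$ValueName = '')   # '' = the key's default value
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey)
    if ($null -eq $key) {
        return [pscustomobject]@{ Exists = $false; Value = $null }
    }
    try {
        return [pscustomobject]@{ Exists = $true; Value = $key.GetValue($ValueName) }
    } finally {
        $key.Close()
    }
}

function Get-JnlpAssociationState {
    # MIME type string as given in the workaround; '.jnlp' is its file extension.
    $mimeKey = 'MIME\Database\Content Type\application/x-java-jnlp-file'
    $ext  = Get-ClassesRootValue -SubKey '.jnlp'
    $mime = Get-ClassesRootValue -SubKey $mimeKey -ValueName 'Extension'

    # Resolve the handler through whatever ProgID the extension key names,
    # instead of assuming a fixed ProgID (layout is an assumption of this example).
    $command = $null
    if ($ext.Exists -and $ext.Value) {
        $command = (Get-ClassesRootValue -SubKey "$($ext.Value)\shell\open\command").Value
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        ExtensionKey      = $ext.Exists
        ProgId            = $ext.Value
        OpenCommand       = $command
        MimeTypeKey       = $mime.Exists
        MimeExtension     = $mime.Value
        HandlerRegistered = [bool]$command
    }
}

$state = Get-JnlpAssociationState
$state | Format-List
if ($state.HandlerRegistered -or $state.MimeTypeKey) {
    Write-Warning 'A JNLP handler or MIME entry is registered; review before relying on the workaround.'
}
```

Running it before and after a JRE update and comparing the two outputs shows whether the installer put the association back.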
 

All times are GMT -4.