Java vulnerability in IE and Opera

meneer · Jun 9, 2005

Strange warning: a researcher reports a vulnerability in the Java functions of both IE and Opera. He alerts Microsoft, Opera and the whole world on the same day.
Wouldn't disclosing it some time after alerting the publishers of the browsers be more sensible?

report here

(it seems to be a nasty bug...)

SSK · Jun 9, 2005

Looks like this guy wants to make a name for himself

meneer · Jun 9, 2005

It looks a bit like cloaking, the trick that led to some Dutch companies that used the trick to being punished by Google by not indexing their sites... (Dutch language link)

Pollmaster · Jun 9, 2005

meneer said:

Strange warning: a researcher reports a vulnerability in the Java functions of both IE and Opera. He alerts Microsoft, Opera and the whole world on the same day.
Wouldn't disclosing it some time after alerting the publishers of the browsers be more sensible?

report here

(it seems to be a nasty bug...)
Click to expand...

Look's relatively minor on its own.

This bug is not only a bug and can be unpleasant for website programmers, it can possibly be exploited and then be used to run random JavaScript code on the user’s machine without the user can check the JavaScript code. Software running on the computer to protect the user (like Norton, McAfee,…) that checks the JavaScript code to be not harmful will not work because the original JavaScript source code will not be visible and even reloading the page, printing or saving the page will not give the original JavaScript and cannot be checked. In this manner it is maybe possible to use all the known IE security flaws to exploit again with this bug.
Click to expand...

I suppose so, but if you are truly relying on an AV to protect you from a known JS exploit, you are already on very thin ice already. (BTW, I doubt this trick works perfectly)

If I had some zero day browser exploit unknown to the world, I would combine it with this trick to have analysis of my exploit harder. But on it's own, this exploit is interesting but not that serious IMHO.

This bug can possibly also be exploited to hide information for the user. In this manner it can be used to mislead search engines. The website programmer can add as much information, keywords,… to his page and give it a lay-out in a way that search engines like Google think it are important keywords of the website, without the user can view the keywords but will see other information.
Click to expand...

Yet another way of cloaking, *yawn*, much easier ways to do it.

BTW, shouldnt the subject read "JAVASCRIPT" not Java vulnerability?

Log in or Sign up

Java vulnerability in IE and Opera

meneer Registered Member

SSK Registered Member

meneer Registered Member

Pollmaster Guest

Log in or Sign up

Java vulnerability in IE and Opera

meneer Registered Member

SSK Registered Member

meneer Registered Member

Pollmaster Guest

Useful Searches