Sun Java Plugin Arbitary package Access vulnerability

Discussion in 'privacy problems' started by Rita, Nov 24, 2004.

Thread Status:
Not open for further replies.
  1. Rita

    Rita Infrequent Poster

    Jun 28, 2004
    wilds of wv
    Hi everyone
    I just done a browser security test,and it showed 1 high risk vulnerability and this is what it said,my question is should I download the upgrade,wanted to ask first because I dont understand this:

    High Risk Vulnerabilities
    Sun Java Plugin Arbitrary Package Access Vulnerability (idef20041123)
    Java Plugin allows web browsers to run Java applets. Java plugin may be used by Internet Explorer, Mozilla (and Mozilla-base browsers, such as Firefox), Opera and other browsers.

    When a browser opens a web page that contains a Java applet the browser automatically downloads the applet and runs it locally. To protect the user from malicious applets all the applets run in so called "sandbox". The sandbox restricts what an applet can do. For example, the sandbox will not allow an applet to open local files or start programs.

    This bug in Sun Java Plugin allows a web site to bypass the sandbox and execute Java code that the sandbox will normally not allow and possibly gain control over the client computer.

    Technical Details
    Sun Java Virtual Machine contains sun.* packages that are only supposed to be used internally, by the virtual machine itself. Some private classes allow direct access to memory or modifying private fields of Java objects. If an applet attempts to load one of those packages a security exception is thrown. If an applet could load those classes it could turn off Java Security Manager and break out of Java sandbox.

    JavaScript can access properties and methods of Java applets embedded on the page. It is possible to load a private package from JavaScript as shown in the code below:

    var c=document.applets[0].getClass().forName('sun.text.Utility');
    alert('got Class object: '+c)
    Java Reflection API allows objects to examine their own structure (for example, find out the class of the object or the available methods). Reflection API defines getClass() function that returns the object's class. forName method of Class object loads the named class. The same operation done from the Java applet instead of JavaScript would fail.

    Upgrade Java Environment to version 1.4.2_06 or later. It can be downloaded from
Thread Status:
Not open for further replies.