Java vulnerability in IE and Opera

Discussion in 'other security issues & news' started by meneer, Jun 9, 2005.

Thread Status:
Not open for further replies.
  1. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Strange warning: a researcher reports a vulnerability in the Java functions of both IE and Opera. He alerts Microsoft, Opera and the whole world on the same day.
    Wouldn't disclosing it some time after alerting the publishers of the browsers be more sensible?

    report here

    (it seems to be a nasty bug...)
     
    Last edited: Jun 9, 2005
  2. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Looks like this guy wants to make a name for himself :mad:
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    It looks a bit like cloaking, the trick that led to some Dutch companies that used the trick to being punished by Google by not indexing their sites... (Dutch language link)
     
  4. Pollmaster

    Pollmaster Guest

    Look's relatively minor on its own.

    I suppose so, but if you are truly relying on an AV to protect you from a known JS exploit, you are already on very thin ice already. (BTW, I doubt this trick works perfectly)

    If I had some zero day browser exploit unknown to the world, I would combine it with this trick to have analysis of my exploit harder. But on it's own, this exploit is interesting but not that serious IMHO.

    Yet another way of cloaking, *yawn*, much easier ways to do it.

    BTW, shouldnt the subject read "JAVASCRIPT" not Java vulnerability?
     
Loading...
Thread Status:
Not open for further replies.