JRE 7 - Does it mend JRE 6 problem?

I'm still using XP-SP3

Secunia has identified a problem with the latest official JRE.
http://secunia.com/advisories/45173/

Does the JRE 7 beta fix it?
http://jdk7.java.net/download.html

Thanks.

P.S. By the way, I'm a simple end user, not a security expert.

 

Please see this thread

 

I saw that thread but, apparently, the various CPU fixes have little, actually nothing, to do with the current release version of Java. As a result, I'd say the question posed by the OP still stands (and considering Java HotSpot technology is still supported and there is no mention whatsoever of an issue, or a fix, anywhere on the beta pages I read, I would think the question would probably be answered in the negative).

 

I've also wondered if the updated JRE 7 was going to be more secure than JRE 6. If not it will never touch my machine. I got rid of 6 months ago and haven't missed it.

 

I sure hope so! I was able to locate the following, which relates to the previous build (b146) of JRE 7. However, I'm not at all certain whether or not the change(s) relate to the issue identified by Secunia (maybe someone else can shed some light on that).

Build b146 changes: http://download.java.net/jdk7/changes/jdk7-b146.html

(note "Hotspot: securely/restrictive load dlls and new API for loading system dlls")

 

With all due respect to the moderator, I don't see the relevance of the thread for which the link was given to my question. As the comments have indicated, the issue appears to remain open.

 

If the link I provided is of no help, accept my apologies and disregard.

Thank you.

 

No problem, siljaline. Actually, I was hoping you would be able to provide some insight into this issue.

If you read the article at --> http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html --< you'll notice a link to download a package to test the exploitation of the "bug".

I have JRE 7 (b147) installed on one of my machines, downloaded the package, and ran the test. It sure appeared to me that the (potential) exploit is alive and well, even in the new version. Of course, users need to grant permission for it to run - script blocking extensions, such as NoScript, prevent it from running in browsers like Firefox, I had to specifically allow access in IE, and clicking on the html file did nothing when I set Chrome as my default browser.

 

What about Firefox or Java programs? Do you need to grant permissions on those?

 

Well, I'm running Aurora at the moment, FWIW. Regardless, when I disabled NoScript and did the test, "malicious.exe" was indeed launched (I actually found the file in my Windows Prefetch folder). At any rate, there was no opportunity to grant (or deny) permission; it simply launched after clicking the test html file.

 

Wow, better be fixed by the time that JRE 7 is released. Does this only affect web browsers and html files?

 

Yep, we can always hope but no way I'm going to be overly optimistic in that regard.

According to the article, it goes beyond browsers but in the article it was noted:

 

That's good, because my browser is secured by far the most.