On TechRepublic: 12 tech terms that make you sound old
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 15 of 91:
Next »
« Previous
Are you sure?
Not trying to be argumentave, just asking if you're sure? The anouncement referenced in the article doesn't say anything about whether the Java plug-in runs under the user or system privelages. It does however say-

"An attacker can't do much with the utility class in this example, but could use other private classes to exploit the vulnerability. Some of them allow e.g. direct access to memory or methods for modifying private fields of Java objects. The latter allows an attacker to simply turn off the Java security manager, after which there is no sandbox restricting what the Applet can do."

Which sounds to me like the machine could be wide open no matter the permissions of the user running the browser. But, I could be wrong.
Posted by: PA-ITGuy   Posted on: 11/23/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Film at 11:00  ShadeTree | 11/23/04
What?  doe_z | 11/23/04
Aww, ya fell for it!  Martin Marvinski | 11/24/04
linux and firefox?  Monkey_MCSE | 11/23/04
Well Said Monkey!  itanalyst | 11/23/04
I guess..  d_jedi | 11/24/04
Read it and here is the quote  ShadeTree | 11/23/04
you can read the full story  Monkey_MCSE | 11/23/04
It is not the IE or Windows crowds that...  ShadeTree | 11/23/04
in fact, both crowds have people  Monkey_MCSE | 11/23/04
Really?  Immanuel Tranz-Mischen | 11/23/04
Turning off the java reminder popups  Anton Philidor | 11/24/04
Depends if you are running as root  Harry Butts | 11/23/04
Hear hear!  Yen_z | 11/23/04
Are you sure?  PA-ITGuy | 11/23/04
Mr. Butts is correct  PA-ITGuy | 11/24/04
Better design?  NonZealot | 11/23/04
And, as usual,  AmusedAtItAll | 11/23/04
Consider yourself challenged  NonZealot | 11/23/04
Re: Consider yourself challenged  richdave | 11/23/04
I'm sorry  NonZealot | 11/24/04
can you tell me what most home users  Monkey_MCSE | 11/23/04
Finally a message worth putting some thought into  NonZealot | 11/23/04
Ah you try to flame... but only blow smoke!  Linux User 147560 | 11/23/04
You must be a terrible admin  NonZealot | 11/23/04
Reading comprehension  tic swayback | 11/23/04
Yes, let's talk about reading comprehension  NonZealot | 11/24/04
your still wrong  doh123 | 11/24/04
NonZealot is RIGHT!!!  DragonBRockin | 11/24/04
You're SURE you're not running as admin?  Michael Kelly | 11/24/04
Ahh, anecdotes...  Martin Marvinski | 11/24/04
Windows Permissions  wolf_z | 11/24/04
You sure like to hear yourself type!  NonZealot | 11/24/04
wolf  Martin Marvinski | 11/24/04
Irony is I am not an Admin!  Linux User 147560 | 11/24/04
Good, glad we could agree  NonZealot | 11/24/04
RE: Good glad we could agree  Linux User 147560 | 11/24/04
Non Zealot... here is a good read for you...  Linux User 147560 | 11/24/04
Sure you can run without admin privileges.  Immanuel Tranz-Mischen | 11/24/04
What is your defn of day to day work?  NonZealot | 11/24/04
Oops, forgot a couple  NonZealot | 11/24/04
Fantastic  Martin Marvinski | 11/24/04
RE: fantastic  NonZealot | 11/24/04
Either that or...  rapson | 11/24/04
Re: Film at 11:00  richdave | 11/23/04
Oh come on....  mobrien_12@... | 11/23/04
There's no Java in MY FireFox...  Jomo_z | 11/24/04
Hmm...nice flamebait.  Linux_Developer | 11/24/04
oh - And...  Linux_Developer | 11/24/04
Arrogance and incompetence  FilledOut | 11/23/04
by that logic  doh123 | 11/24/04
Or AOL or Oracle  FilledOut | 11/24/04
Microsoft version of Java?  duclod | 11/23/04
MS Java was discontinued  Monkey_MCSE | 11/23/04
Since when?  htotten | 11/23/04
facts are straight, but if you use VS  Monkey_MCSE | 11/23/04
You're talking about different stuff  seosamh_z | 11/23/04
Your post said MS stopped developing JAVA.  htotten | 11/23/04
and if you're going to quote  Monkey_MCSE | 11/23/04
This is an interesting question.  mobrien_12@... | 11/23/04
Microsoft's JVM  PA-ITGuy | 11/24/04
MS version had its own flaws  CobraA1 | 11/25/04
Why the secrecy?  rapson | 11/23/04
Could it be...  PA-ITGuy | 11/23/04
Well...  rapson | 11/23/04
And see what hapens  PA-ITGuy | 11/23/04
Heres the problem *I* see  supercharlie | 11/23/04
If you're running J2RE it does autoupdate.  PA-ITGuy | 11/23/04
Perhaps I should add  PA-ITGuy | 11/23/04
Not necessarily  rapson | 11/23/04
Re:Not necessarily  PA-ITGuy | 11/23/04
Carl, it's the end users who are affected  Anton Philidor | 11/24/04
re : and see what happens  JasonL31 | 11/24/04
What *should* happen..  d_jedi | 11/24/04
Well, how about...  AmusedAtItAll | 11/23/04
No kidding.  mobrien_12@... | 11/23/04
I agree  JasonL31 | 11/24/04
JPEG flaw was unpatched by MS for 10 months!  David Hamilton | 11/24/04
So a hex on both of their houses  FilledOut | 11/24/04
Almost...  David Hamilton | 11/24/04
YES  JasonL31 | 11/24/04
Why no "auto-update" on this patch?  TwangGuru | 11/27/04
Am I the only who has disabled Java?  Expatriate US Geek | 11/24/04
Why I use Firefox - rather off-topic  Martin Marvinski | 11/24/04
I completely agree..  d_jedi | 11/24/04
Nope  FilledOut | 11/24/04
YES  JasonL31 | 11/24/04
Wow, I could click on an ad in IE...  boomslang_z | 11/24/04
A taste of your own medicine?  ISD_z | 11/28/04
Someone please check the record... Sun 1... MS 1000000000  john.gruber@... | 11/28/04
You think?  gary.douglas@... | 12/07/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement