JDK 1.7.0_11 is out.

Roedy Green

Presumably will fix the 0-day exploit.
I will find out after I get it myself.

the release notes are at
http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

As I read them the "fix" is just to turn off Applets entirely, by
default -- hardly a fix. Perhaps one of the group's language lawyers
could see if I interpreted that correctly.
--
Roedy Green Canadian Mind Products http://mindprod.com
The first 90% of the code accounts for the first 90% of the development time.
The remaining 10% of the code accounts for the other 90% of the development
time.
~ Tom Cargill Ninety-ninety Law
 
Arne Vajhøj

> the release notes are at
> http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html
>
> As I read them the "fix" is just to turn off Applets entirely, by
> default -- hardly a fix. Perhaps one of the group's language lawyers
> could see if I interpreted that correctly.

I don't read it that way.

<quote>
This release contains fixes for security vulnerabilities. For more
information, see Oracle Security Alert for CVE-2013-0422.

In addition, the following change has been made:

Area: deploy
Synopsis: Default Security Level Setting Changed to High
The default security level for Java applets and web start applications
has been increased from "Medium" to "High".
</quote>

.... contains fixes ... in addition ... security level
setting changed ...

I can not interpret that other than there are both a fix
and a change in default security level.

Arne
 
Eric Sosman

> [...]
> <quote>
> This release contains fixes for security vulnerabilities. For more
> information, see Oracle Security Alert for CVE-2013-0422.

CERT's advice is

"Immunity has indicated that only the reflection
vulnerability has been fixed and that the JMX MBean
vulnerability remains. [...] Unless it is absolutely
necessary to run Java in web browsers, disable it as
described below, even after updating to 7u11. [...]"
--from <http://www.kb.cert.org/vuls/id/625617>

Write once, pwn anywhere ...
 
Arne Vajhøj

> [...]
> <quote>
> This release contains fixes for security vulnerabilities. For more
> information, see Oracle Security Alert for CVE-2013-0422.
>
> CERT's advice is
>
> "Immunity has indicated that only the reflection
> vulnerability has been fixed and that the JMX MBean
> vulnerability remains. [...] Unless it is absolutely
> necessary to run Java in web browsers, disable it as
> described below, even after updating to 7u11. [...]"
> --from <http://www.kb.cert.org/vuls/id/625617>
>
> Write once, pwn anywhere ...

According to the link then the exploits require both
vulnerabilities.

But obviously the unfixed problem could be part of new
exploits as well.

So it definitely should be fixed. And hopefully it
will be.

Arne
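
Added example, not part of any post in this thread: a small audit of a Java `deployment.properties` body against the two points discussed above, the 7u11 default security level of "High" and CERT's advice to disable Java in the browser. It uses the `deployment.security.level` and `deployment.webjava.enabled` keys from Oracle's deployment configuration; the sample file contents are constructed, and it is an assumption here that an explicitly set value takes precedence over the new default.

```python
import re

# Ordered weakest to strongest; the release notes quoted above say 7u11
# raised the default from Medium to High.
LEVELS = ["LOW", "MEDIUM", "HIGH", "VERY_HIGH"]

def parse_properties(text):
    """Parse simple key=value / key:value lines; '#' and '!' start comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text, default_level="HIGH"):
    """Return a list of findings for one deployment.properties body."""
    props = parse_properties(text)
    findings = []
    level = props.get("deployment.security.level", default_level).upper()
    if level not in LEVELS:
        findings.append("unrecognised security level: " + level)
    elif LEVELS.index(level) < LEVELS.index("HIGH"):
        findings.append("security level %s is below the 7u11 default of HIGH" % level)
    # Assumption: browser content counts as enabled unless explicitly set to false.
    if props.get("deployment.webjava.enabled", "true").lower() != "false":
        findings.append("Java content in the browser is still enabled")
    return findings

# Constructed samples, not taken from any real machine.
CARRIED_OVER = """# explicit setting left over from before the update (assumed)
deployment.security.level=MEDIUM
"""
HARDENED = """deployment.security.level=VERY_HIGH
deployment.webjava.enabled=false
"""

if __name__ == "__main__":
    for name, body in (("carried-over", CARRIED_OVER), ("hardened", HARDENED)):
        print(name, audit(body) or "no findings")
```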
 
