97122 2003-03-28 21:29 /36 rader/ Marc Schoenefeld <schonef@uni-muenster.de>
Importerad: 2003-03-28 21:29 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <4240>
Ärende: Netscape and Opera crash via java
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
executing
<scr1pt language="Javascript">
t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
</scr1pt>
crashes Netscape 7.02 and Opera 7 on Windows XP.
The active JVM in both tested browsers is Java 1.4.1_02 from Sun.
This liveconnect (javascript-2-java-communication) stuff seems
to be still very dangerous.
Sincerely
Marc Schoenefeld
- --
Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous
Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (AIX)
Comment: For info see http://www.gnupg.org
iD8DBQE+hGTYqCaQvrKNUNQRAtd+AJ45+bI0xuUvd6ZBSzcPzhSEo1VNRgCfaIQ8
FeGV7V21kG13IReDa28yUEQ=
=UAKv
-----END PGP SIGNATURE-----
(97122) /Marc Schoenefeld <schonef@uni-muenster.de>/
Kommentar i text 97123 av Wayne D. Hoxsie Jr. <wayne@hoxnet.com>
Kommentar i text 97124 av Mischa Krilov <mischa@irev2.com>
97123 2003-03-28 22:20 /37 rader/ Wayne D. Hoxsie Jr. <wayne@hoxnet.com>
Importerad: 2003-03-28 22:20 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Externa svar till: wayne@hoxnet.com
Mottagare: Bugtraq (import) <4241>
Kommentar till text 97122 av Marc Schoenefeld <schonef@uni-muenster.de>
Ärende: Re: Netscape and Opera crash via java
------------------------------------------------------------
On Fri, 28 Mar 2003, Marc Schoenefeld wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> executing
>
> <scr1pt language="Javascript">
> t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
> </scr1pt>
>
> crashes Netscape 7.02 and Opera 7 on Windows XP.
> The active JVM in both tested browsers is Java 1.4.1_02 from Sun.
>
> This liveconnect (javascript-2-java-communication) stuff seems
> to be still very dangerous.
>
> Sincerely
> Marc Schoenefeld
I tested it on the two versions of linux/mozilla I have immediately
available:
Crashes Mozilla 1.2a
(Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910)
Does not crash Mozilla 1.0
(Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020605)
--
Wayne D. Hoxsie Jr.
wayne@hoxnet.com
http://www.hoxnet.com
PGP Key ID 138BCEE1
(97123) /Wayne D. Hoxsie Jr. <wayne@hoxnet.com>/----
97124 2003-03-28 22:45 /19 rader/ Mischa Krilov <mischa@irev2.com>
Importerad: 2003-03-28 22:45 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Externa svar till: mischa@irev2.com
Mottagare: Bugtraq (import) <4242>
Kommentar till text 97122 av Marc Schoenefeld <schonef@uni-muenster.de>
Ärende: Re: Netscape and Opera crash via java
------------------------------------------------------------
On Friday 28 March 2003 09:05 am, Marc Schoenefeld wrote:
> <scr1pt language="Javascript">
> t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
> </scr1pt>
Also crashes Mozilla 1.2.1 Mozilla/5.0 (Windows; U; Windows NT 5.0;
en-US; rv:1.2.1) Gecko/20021130, using Java Plug-in 1.3.1_04 for
Netscape Navigator (DLL Helper).
Mischa.
--
----------------
Mischa D. Krilov
mischa@irev2.com
504/525-2557x321
fax 504/525-6963
(97124) /Mischa Krilov <mischa@irev2.com>/(Ombruten)
Kommentar i text 97560 av Zelena Endre <ezelena@lme.linux.hu>
97560 2003-04-02 23:26 /38 rader/ Zelena Endre <ezelena@lme.linux.hu>
Importerad: 2003-04-02 23:26 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Externa svar till: ezelena@lme.linux.hu
Mottagare: Bugtraq (import) <4301>
Kommentar till text 97124 av Mischa Krilov <mischa@irev2.com>
Ärende: RE: Netscape and Opera crash via java
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Crashes
Mozilla/5.0 (Windows; U; WinNT4.0; hu-HU; rv:1.3) Gecko/20030312
with
NPJava11.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
NPJava12.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
NPJava13.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
NPJava32.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
NPJPI140_01.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
NPOJI610.dll/Java Plug-in 1.4.0_01 for Netscape Navigator
(DLL Helper) too.
Endre
> -----Original Message-----
> From: Mischa Krilov [mailto:mischa@irev2.com]
> Sent: Friday, March 28, 2003 8:36 PM
> To: bugtraq@securityfocus.com
> Subject: Re: Netscape and Opera crash via java
> Also crashes Mozilla 1.2.1 Mozilla/5.0 (Windows; U; Windows
> NT 5.0; en-US;
> rv:1.2.1) Gecko/20021130, using Java Plug-in 1.3.1_04 for Netscape
> Navigator (DLL Helper).
>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPordZF5b3gMNSD8KEQIuPgCeM3zFA194ZHRQuxuxSoToawNm47MAn3+J
LURAsYm5wW61ELExmDPxnOzu
=tRRF
-----END PGP SIGNATURE-----
(97560) /Zelena Endre <ezelena@lme.linux.hu>/(Ombruten)
Kommentar i text 97832 av Richard H. Cotterell <seec@mail.retina.ar>
97832 2003-04-04 20:48 /57 rader/ Richard H. Cotterell <seec@mail.retina.ar>
Importerad: 2003-04-04 20:48 av Brevbäraren
Extern mottagare: ezelena@lme.linux.hu
Extern mottagare: bugtraq@securityfocus.com
Externa svar till: seec@mail.retina.ar
Mottagare: Bugtraq (import) <4359>
Kommentar till text 97560 av Zelena Endre <ezelena@lme.linux.hu>
Ärende: RE: Netscape and Opera crash via java
------------------------------------------------------------
Why don't you upgrade your Java RE to v1.4.1.02 and see what happens?
Doesn't crash my Mozilla v1.3 build 20030312, but then I run AnalogX's
Script Defender as an added optional protection.
Ref: Zelena Endre <ezelena@lme.linux.hu>'s
message dated 02 April 2003, 14:53 hours.
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Crashes
> Mozilla/5.0 (Windows; U; WinNT4.0; hu-HU; rv:1.3) Gecko/20030312
>with
> NPJava11.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
> NPJava12.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
> NPJava13.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
> NPJava32.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
> NPJPI140_01.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
> NPOJI610.dll/Java Plug-in 1.4.0_01 for Netscape Navigator (DLL Helper)
>too.
>
>Endre
>
>> -----Original Message-----
>> From: Mischa Krilov [mailto:mischa@irev2.com]
>> Sent: Friday, March 28, 2003 8:36 PM
>> To: bugtraq@securityfocus.com
>> Subject: Re: Netscape and Opera crash via java
>
>> Also crashes Mozilla 1.2.1 Mozilla/5.0 (Windows; U; Windows
>> NT 5.0; en-US;
>> rv:1.2.1) Gecko/20021130, using Java Plug-in 1.3.1_04 for Netscape
>> Navigator (DLL Helper).
>>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.0
>
>iQA/AwUBPordZF5b3gMNSD8KEQIuPgCeM3zFA194ZHRQuxuxSoToawNm47MAn3+J
>LURAsYm5wW61ELExmDPxnOzu
>=tRRF
>-----END PGP SIGNATURE-----
>
>
--
Richard H. Cotterell <mailto:seec@mail.retina.ar>
Reason often makes mistakes, but conscience never does.
-Josh Billings, columnist and humorist (1818-1885)
(97832) /Richard H. Cotterell <seec@mail.retina.ar>/