lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.50.0303281300390.20524-100000@sagan.hoxnet.com>
Date: Fri, 28 Mar 2003 13:04:55 -0600 (CST)
From: "Wayne D. Hoxsie Jr." <wayne@...net.com>
To: bugtraq@...urityfocus.com
Subject: Re: Netscape and Opera crash via java


On Fri, 28 Mar 2003, Marc Schoenefeld wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> executing
>
> <scr1pt language="Javascript">
> t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
> </scr1pt>
>
> crashes Netscape 7.02 and Opera 7 on Windows XP.
> The active JVM in both tested browsers is Java 1.4.1_02 from Sun.
>
> This liveconnect (javascript-2-java-communication) stuff seems
> to be still very dangerous.
>
> Sincerely
> Marc Schoenefeld

I tested it on the two versions of linux/mozilla I have immediately
available:

Crashes Mozilla 1.2a
  (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910)

Does not crash Mozilla 1.0
  (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020605)

-- 
Wayne D. Hoxsie Jr.
wayne@...net.com
http://www.hoxnet.com
PGP Key ID 138BCEE1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ