| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <o2ha847a3141004161956ofd01663bmfb75b5c4d13924e4@mail.gmail.com> Date: Sat, 17 Apr 2010 03:56:48 +0100 From: Nick Boyce <nick.boyce@...il.com> To: full-disclosure@...ts.grok.org.uk Cc: Tavis Ormandy <taviso@....lonestar.org> Subject: Re: Java Deployment Toolkit Performs Insufficient Validation of Parameters On Fri, Apr 9, 2010 at 12:08 PM, Tavis Ormandy <taviso@....lonestar.org> wrote: > ------------------- > Mitigation > ----------------------- [...] > - Mozilla Firefox and other NPAPI based browser users can be protected using > File System ACLs to prevent access to npdeploytk.dll. Just for the record (since I had to go hunting to find out), Giorgio Maone says NoScript will protect Firefox users (so long as you haven't whitelisted the relevant website for other purposes) : http://forums.informaction.com/viewtopic.php?f=8&t=4207 As a lot of folks are concluding, it's better to just uninstall Java altogether (at least till Soracle sorts out the various appalling design decisions they seem to have made with this product), but some of us are stuck with workstations that need Java installed for one reason or another. Cheers Nick -- Leave the Olympics in Greece, where they belong. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists