Smart Partner: Serious Security Hole Found In Netscape's JavaAug 08, 2000, 14:14 (2 Talkback[s])
(Other stories by Chris DeVoney)
"A serious vulnerability has been found in a version of Netscape Navigator and Netscape Communicator Java interpreter that allows Web-based programs to access virtually any file. The vulnerability also lets the same Java code act like Windows Explore and can browse and access files on other computers that are visible from the exploited computer."
"The problem affects all versions of Netscape Navigator and Netscape Communicator 4.74 and earlier when Java and downloadable plug-ins are enabled on Windows 9x, Windows NT/2K and Linux. The current beta version of the product, Mozilla, is not now vulnerable nor is any version of Microsoft Internet Explorer. The problem will not occur on any affected Netscape browser if Java disabled."
"The security hole, describe by secure experts as "serious," allows Web-based Java code to start a server process on the machine with the Netscape client. The Web-based programs could be used in a Web page by a malicious Web site or by a malicious person who hacks into a Web site and plants the code in a Web page."