“A serious vulnerability has been found in a version of Netscape
Navigator and Netscape Communicator Java interpreter that allows
Web-based programs to access virtually any file. The vulnerability
also lets the same Java code act like Windows Explore and can
browse and access files on other computers that are visible from
the exploited computer.”
“The problem affects all versions of Netscape Navigator and
Netscape Communicator 4.74 and earlier when Java and downloadable
plug-ins are enabled on Windows 9x, Windows NT/2K and Linux.
The current beta version of the product, Mozilla, is not now
vulnerable nor is any version of Microsoft Internet Explorer. The
problem will not occur on any affected Netscape browser if Java
disabled.”
“The security hole, describe by secure experts as “serious,”
allows Web-based Java code to start a server process on the machine
with the Netscape client. The Web-based programs could be used in a
Web page by a malicious Web site or by a malicious person who hacks
into a Web site and plants the code in a Web page.”