[WBEL-users] JavaScript Exploit With jsdk < 1.4.2_06
Ben Mohilef
benm@dsl-only.net
Sun, 05 Dec 2004 11:55:42 -0800
If you have installed Sun's jre or j2sdk with revision level less than
1.4.2_06 in your Mozilla/Firefox, you are susceptible to a security
hole for which an exploit will surely be making the rounds. Crafted
script installed in a web site could allow the attacker to operate at
the level of the user who invoked the browser.
You can upgrade from:
http://java.sun.com/j2se/1.4.2/download.html
After upgrade, installation of the browser link is easy:
After installing, change the link so that the symbolic link
/usr/lib/mozilla-1.4.3/plugins/libjavaplugin_oji.so
points to
/usr/java/j2sdkj1.4.2_06/jre/plugin/i386/ns610-gcc32/libjavaplugin_oji.so
If you are running tomcat, be sure to make sure that JAVA_HOME
in
/etc/rc.d/init.d/tomcat
is set to the new java location. Otherwise after the next
reboot/restart tomcat may not work.
If you have Windows boxes on your network, this advice applies
doubly. The Win installer for the Sun upgrade handles the links in
Mozilla and IE well without additional work.
regards,
benm
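
An added example, not part of the original post: a small audit script for the two post-upgrade checks described above, that the browser plugin symlink resolves to a JRE at 1.4.2_06 or later and that JAVA_HOME in the Tomcat init script is not left on an older revision. The function names are hypothetical, and the script assumes the revision appears in the install directory name, as it does in the paths quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): post-upgrade audit.
# Usage: sh audit.sh /usr/lib/mozilla-1.4.3/plugins/libjavaplugin_oji.so /etc/rc.d/init.d/tomcat
MIN_VERSION="1.4.2_06"   # first fixed revision, per the post

# First version-looking token (e.g. 1.4.2_06) in a path or config line.
version_from_text() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+(_[0-9]+)?' | head -n 1
}

# Turn 1.4.2_06 into a sortable integer; a missing update number counts as 0.
version_key() {
    printf '%s\n' "$1" | awk -F'[._]' '{ printf "%d%03d%03d%03d\n", $1, $2, $3, $4 }'
}

is_patched() {
    [ -n "$1" ] && [ "$(version_key "$1")" -ge "$(version_key "$MIN_VERSION")" ]
}

# Report on the browser plugin symlink: must exist, resolve, and point at a fixed JRE.
check_plugin_link() {
    [ -L "$1" ] || { echo "NOT-A-SYMLINK $1"; return 2; }
    [ -e "$1" ] || { echo "DANGLING $(readlink "$1")"; return 2; }
    ver=$(version_from_text "$(readlink "$1")")
    if is_patched "$ver"; then echo "OK $ver"; return 0; fi
    echo "VULNERABLE ${ver:-unknown}"; return 1
}

# Report on the last JAVA_HOME assignment in an init script such as Tomcat's.
check_java_home() {
    line=$(grep -E '^[[:space:]]*(export[[:space:]]+)?JAVA_HOME=' "$1" | tail -n 1)
    [ -n "$line" ] || { echo "NO-JAVA_HOME"; return 2; }
    ver=$(version_from_text "$line")
    if is_patched "$ver"; then echo "OK $ver"; return 0; fi
    echo "STALE ${ver:-unknown}"; return 1
}

# Run both checks only when a link path and an init script path are given.
if [ "$#" -eq 2 ]; then
    check_plugin_link "$1"; link_rc=$?
    check_java_home "$2"; home_rc=$?
    [ "$link_rc" -eq 0 ] && [ "$home_rc" -eq 0 ]
fi
```

The exit status is zero only when both checks report OK, so the script can be dropped into a cron job or a configuration-management check across several hosts.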