[WBEL-users] JavaScript Exploit With jsdk < 1.4.2_06

Ben Mohilef benm@dsl-only.net
Sun, 05 Dec 2004 11:55:42 -0800


If you have installed Sun's jre or j2sdk with revision level less than  
1.4.2_06 in your Mozilla/Firefox, you are susceptible to a security 
hole for which an exploit will surely be making the rounds. Crafted 
script installed in a web site could allow the attacker to operate at 
the level of the user who invoked the browser. 

You can upgrade from:

http://java.sun.com/j2se/1.4.2/download.html

After upgrade, installation of the browser link is easy:

After installing, change the link so that the symbolic link

/usr/lib/mozilla-1.4.3/plugins/libjavaplugin_oji.so 

points to  

/usr/java/j2sdkj1.4.2_06/jre/plugin/i386/ns610-gcc32/libjavaplugin_oji.so

If you are running tomcat, make sure that JAVA_HOME in

/etc/rc.d/init.d/tomcat

is set to the new java location. Otherwise after the next 
reboot/restart tomcat may not work.

If you have Windows boxes on your network, this advice applies 
doubly. The Win installer for the Sun upgrade handles the links in 
Mozilla and IE well without additional work. 

regards,

benm
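
The two post-upgrade checks described in the message above (plugin symlink target and Tomcat's JAVA_HOME), as an added example that is not part of the original post. The function names and the OK/STALE/UNKNOWN labels are hypothetical, and the script assumes the JRE revision can be read from the install directory name in the path.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the browser plugin
# symlink and Tomcat's JAVA_HOME both point at a JRE of at least 1.4.2_06.
# Assumption: the install directory name embeds the revision (e.g. 1.4.2_05).
FIXED="1.4.2_06"

# Pull a Sun-style version such as 1.4.2_05 out of a path; empty if none.
java_version_of() {
    printf '%s\n' "$1" | awk 'match($0, /[0-9]+\.[0-9]+\.[0-9]+_[0-9]+/) {
        print substr($0, RSTART, RLENGTH) }'
}

# Exit 0 when version $1 is older than $2 (numeric compare, field by field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[._]/); m = split(b, y, /[._]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify a path by the JRE version embedded in it.
classify() {
    ver=$(java_version_of "$1")
    [ -n "$ver" ] || { echo "UNKNOWN"; return 2; }
    if version_lt "$ver" "$FIXED"; then echo "STALE $ver"; return 1; fi
    echo "OK $ver"
}

# Check where the plugin symlink points (the link itself, not its parent dir).
check_plugin_link() {
    [ -L "$1" ] || { echo "NOT-A-SYMLINK"; return 2; }
    classify "$(readlink "$1")"
}

# Check the last JAVA_HOME assignment in an init script.
check_java_home() {
    home=$(sed -n 's/^[[:space:]]*\(export[[:space:]]*\)\{0,1\}JAVA_HOME=//p' "$1" | tail -n 1)
    classify "$home"
}

# Usage: script PLUGIN_LINK TOMCAT_INIT_SCRIPT
if [ $# -eq 2 ]; then
    echo "plugin: $(check_plugin_link "$1")"
    echo "tomcat: $(check_java_home "$2")"
fi
```

Run it with the plugin link and the init script as the two arguments; a STALE result means that path still resolves to a pre-1.4.2_06 install.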