User-Agent: Mozilla/5.0 (Macintosh U PPC Mac OS X Mach-O en-US rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (Macintosh U PPC Mac OS X Mach-O en-US rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11

Apple has released Java for Mac OS X 10.4, Release 6 ( available from ). The update appears to contain fixes for the DNS rebinding vulnerabilities discussed in bug #389625.

Even though the Java runtime has been updated, the Firefox Mac OS X Java Plugin (MRJ Plugin) appears to remain vulnerable to the 'document.domain' bypass. By using the document.domain exception to the same origin policy, LiveConnect can be used to create arbitrary socket connections.

Sun Java Runtime Environment fixes for Windows and Linux were released at the beginning of October. With the Sun JRE updates, the Firefox Java plugins on these platforms are no longer vulnerable to the document.domain bypass.

A demo showing how connections can be made to a localhost web server via the loopback device is available from the URL above.

I've confirmed this, both on OS X 10.4.11 with Apple's new Java for Mac OS X Release 6, and on OS X 10.5.1 (whose JVM already contained the updates that are new in 10.4's Java Release 6).

(Background: distros on the Mac that can use Java have for some time bundled the Java Embedding Plugin