Re: Security of Java?

From: donutbandit (none_at_none.com)
Date: 01/15/04


Date: 15 Jan 2004 18:24:56 GMT

Peter James <nospam@petefjames.clara.co.uk> wrote in
news:1074185645.17792.0@lotis.uk.clara.net:

> I've just started to use Opera v7.23 with Java 2 Runtime Enviroment,
> SE V1.42_01.
> I've read mention on Usenet of certain security problems with Java.
> Can anyone enlighten me on this, and is Opera with Java safe of should
> I disable Java. And if yes, how?

I would feel far safer using Sun Java with Opera than using IE.

However, there have been some recent issues with RedSheriff and Java.
RedSheriff is a tracking concern that uses a small Java applet on web
sites.

http://kalsey.com/2002/11/java_spyware/

Here is also some info on how to set up Proxomitron and DNSKong to disable
RedSheriff.

http://forums.spywareinfo.com/index.php?s=4dcaed0193f52ec7413d62b68c50b6cf&
showtopic=2239&st=0



Relevant Pages

  • Java Vulnerabilities in Opera 7.54
    ... Opera 7.54 is vulnerable to leakage of the java sandbox, ... applets to gain unacceptable privileges. ... The public class EcmaScriptObject exposes a system memory pointer ...
    (Bugtraq)
  • [Full-Disclosure] Java Vulnerabilities in Opera 7.54
    ... Opera 7.54 is vulnerable to leakage of the java sandbox, ... applets to gain unacceptable privileges. ... The public class EcmaScriptObject exposes a system memory pointer ...
    (Full-Disclosure)
  • Java Vulnerabilities in Opera 7.54
    ... Opera 7.54 is vulnerable to leakage of the java sandbox, ... applets to gain unacceptable privileges. ... The public class EcmaScriptObject exposes a system memory pointer ...
    (Full-Disclosure)
  • Rumours about Opera
    ... The opera guys use their own binding from javascript to java, ... Java 1.4.2_05 also has a vulnerability in the serialization APIs (used by ... > upgrade probably means that there is an independent bug in Opera Java ...
    (Full-Disclosure)
  • [Full-Disclosure] Rumours about Opera
    ... The opera guys use their own binding from javascript to java, ... Java 1.4.2_05 also has a vulnerability in the serialization APIs (used by ... > upgrade probably means that there is an independent bug in Opera Java ...
    (Full-Disclosure)