Author Topic: Is this vulnerability repaired? (Read 2513 times)

polonus · « **on:** December 27, 2005, 08:04:51 PM »

Hello,

Users of alternate browsers, that run Sun Java applets can fall prey to slimeware that infects IE through Firefox, at least we had reports earlier this year. Is this hole plugged, or what.
see: http://www.channelregister.co.uk/2005/03/11/alternative_slimeware/

That is why I always advise users of alternate browsers like FF 1.5
and Flock to install NoScript, and temporarily allow only that (or part of that) site, that one trusts or has pre-scanned with Dr.Web's pre-hyperlink scanner plug-in both for FF 1.5 x and Flock.
Anyone on the fact if the malicious applet still making victims,

polonus

FreewheelinFrank · « **Reply #1 on:** December 27, 2005, 08:25:18 PM »

Hi Polonus,

It's not strictly a vulnerability- or if it is, it's a vulnerability in any browser running Sun Java- a vulnerability to 'social engineering. Apparently, Sun have made the security pop-up more intuitive since then. But users still have to avoid clicking 'yes' to software installs of ActiveX or Java not from legitimate sites.

http://www.edbott.com/weblog/archives/000562.html

FreewheelinFrank · « **Reply #2 on:** December 29, 2005, 06:00:46 PM »

I came across a page saying that the Firefox pop-up blocker can now be configured to block all such requests for software installation- useful if you have less security-aware users on your computer.

Author Topic: Is this vulnerability repaired? (Read 2513 times)

polonus

Is this vulnerability repaired?

FreewheelinFrank

Re: Is this vulnerability repaired?

FreewheelinFrank

Re: Is this vulnerability repaired?