Announcement

Collapse
No announcement yet.

Java vulnerability with active exploit

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Java vulnerability with active exploit

    I was getting a popup from Firefox warning me that the "Java Deployment Toolkit" was being disabled because it had a known vulnerability. Some investigation revealed that Java doesn't remove old code (in case some old widget needs it for compatibility) and it doesn't update frequently so I'm likely to have the vulnerable code installed for quite some time.

    Here's a story about the active exploit taking advantage of this:

    http://www.theregister.co.uk/2010/04...ity_exploited/

    The Firefox bug report, with lots of details:

    https://bugzilla.mozilla.org/show_bug.cgi?id=558584

    Information on uninstalling the old versions of Java:

    http://www.java.com/en/download/faq/...erversions.xml
    http://www.java.com/en/download/help/uninstall_java.xml

    And then go back to the main Java home page to install the latest version, currently version 6 update 20:

    http://www.java.com/
    Dude, seriously, WHAT handkerchief?

    snooggums' density principal: "The more dense a population, the more dense a population."

    Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

  • #2
    Re: Java vulnerability with active exploit

    Hmm, something must be wrong on my end. I had the FF JDK disabled already and yet I just got a pop-up again telling me I should restart FF to disable it.

    Hmm, Update 20. Ack. I just installed JDK Update 19 the other day.
    |TG-18th| Acreo Aeneas
    TG World of Tanks Clan Executive Officer
    Former 9th & 13th

    Pronounciation: Eh-Cree-Oh Ah-Nay-Ess
    Still can't say it? Call me Acorn then. -.-





    SSDs I Own: Kingston HyperX 3K (240 GB), Samsung 840 Pro (256 GB), Samsung 840 EVO (250 GB), Samsung 840 x 2 (120 GB), Plextor M5S (120 GB), OCZ Vertex (30 GB)

    TG Primer and Rules

    Comment


    • #3
      Re: Java vulnerability with active exploit

      Thanks for doing the legwork on this, ScratchMonkey! I need Java once in a blue moon, so I just disabled it in the browser and hoped it would go away. Your approach is better :)




      Who needs a life when you can have a heavy bolter?
      --BlackMirror
      <23:03:38> "|TG|Smachin<BF Admin>" was kicked from the server by "|TG-70th| Zhohar" (UNDERAGE ban.)
      Anything over $600, and it would be pointless to try and reason with Grandma
      --Blackraven93

      Comment

      Connect

      Collapse

      TeamSpeak 3 Server

      Collapse

      Advertisement

      Collapse

      Twitter Feed

      Collapse

      Working...
      X