Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #18466

Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out

From markspace <-@.>
Newsgroups comp.lang.java.programmer
Subject Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out
Date 2012-08-30 23:29 -0700
Organization A noiseless patient Spider
Message-ID <k1plkf$r9n$1@dont-email.me> (permalink)
References <6luv38htl4ve3ldqv0pd1pmu876gddq2v6@4ax.com> <50400827$0$289$14726298@news.sunsite.dk> <k1p1fp$24v$1@dont-email.me> <ei604819trie2avefhs4punmav31tmibuo@4ax.com> <slrnk40ksb.mg5.fredrik@scout.jonson.org>

Show all headers | View raw

On 8/30/2012 11:02 PM, Fredrik Jonson wrote:
>
> Without pointing you to the source code of the exploit, which is widely
> available this time, when reading the code it becomes trivially clear to
> anyone that it allows the attacker to execute _any_ code on the target
> machine. It evades the normal java sandbox completely.


But only for Java 7.  Java 6 is fine.

I'm really appreciating Firefox right now.  Earlier this year Firefox 
forced me to do an upgrade of itself, then it invalidated my Java 
plug-in and forced a re-installation of that as well.  Yes, OK, whatever 
Firefox;  I didn't think too much about it afterwards even though it 
annoyed me at the time.

Now I just double-checked and realized that I've had the 1.6 version of 
the plug-in this whole time, even though I know I've had Java 7 since it 
first came out.  Bravo for Firefox keeping the secure version instead of 
using the latest version.

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-08-30 16:44 -0700
  Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-30 20:41 -0400
    Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out markspace <-@.> - 2012-08-30 17:45 -0700
      Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-30 20:52 -0400
      Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-08-30 19:16 -0700
        Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Fredrik Jonson <fredrik@jonson.org> - 2012-08-31 06:02 +0000
          Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out markspace <-@.> - 2012-08-30 23:29 -0700
            Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-31 15:38 -0400
            Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Fredrik Jonson <fredrik@jonson.org> - 2012-08-31 20:20 +0000
              Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Fredrik Jonson <fredrik@jonson.org> - 2012-09-01 06:38 +0000
                Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-09-02 02:15 -0700
          Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-08-31 15:21 -0700
            Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-31 19:53 -0400
        Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-31 15:36 -0400

csiph-web