CALDEIRÃO DE BOLSA

chegando a casa e cuscando umas novidades pela net para chamar o sono, deparei-me com uma notícia de uma vulnerabilidade grave no java plug-in

... e como isso é uma aplicação essencial convém que actualizem isso. No meu caso tinha J2SE 1.4.2_05 e actualizei para J2SE 1.4.2_06


"Sun reported a vulnerability in the Java Plug-in. A remote user can create an applet that, when loaded, will gain elevated privileges via malicious Javascript. The applet can read and write local files or execute local applications with the privileges of the user running the untrusted applet.

An untrusted applet may also be able to interfere with another applet within the same web page, causing the other applet to incorrectly load non-code resources such as files and web pages.

Sun credits Fujitsu with reporting these flaws.

SDK and JRE 1.4.2_05 and earlier, all 1.4.1 and 1.4.0 releases, and 1.3.1_12 and earlier are affected.

JDK and JRE 5.0 are not affected.

SUN has issued the following fixes:

SDK and JRE 1.4.2_06 and later and 1.3.1_13 and later

J2SE releases are available at:

http://java.sun.com/j2se/

J2SE 5.0: http://java.sun.com/j2se/1.5.0/download.jsp
J2SE 1.4.2_06: http://java.sun.com/j2se/1.4.2/download.html and http://java.com
J2SE 1.3.1_14: http://java.sun.com/j2se/1.3/download.html "