Sun Fixes Critical Java Plug-In FlawsBy Ryan Naraine | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The more serious of the two vulnerabilities could lead to system bypass attacks, while the other could allow interference by an untrusted applet.A pair of vulnerabilities in the Sun Java Plug-In technology could put users at risk of system bypass attacks, Sun Microsystems Inc. confirmed Thursday.
A second bug may allow an untrusted applet to inappropriately interfere with another applet in the same Web page, the company said, noting that the interference may cause the applet to incorrectly load non-code resources such as files and Web pages.
Affected products include Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java SDK 1.3.x and Sun Java SDK 1.4.x.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.