From: stevenw@best.com (Steven Weller)
Date: Sat, 18 May 1996 16:25:59 +0800
To: cypherpunks@toad.com
Subject: RISKS: YANSF (Yet Another Netscape Security Flaw)
Message-ID: <v01540b05adc2ec47083c@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Reposted from RISKS:

----------------------------------------------------------------------

Date: Fri, 17 May 1996 17:11:34 -0400
From: Ed Felten <felten@CS.Princeton.EDU>
Subject: Netscape 2.02 RISK

SECURITY FLAW IN NETSCAPE 2.02

We have discovered an attack that allows a Java applet running under
Netscape Navigator 2.02 to generate and execute arbitrary machine code.
The attack combines a new security bug found by Tom Cargill with some ideas
previously discovered by the Princeton team.  We have implemented a
demonstration applet that deletes a file.  We are not yet releasing
technical details.

For more information, contact Ed Felten (felten@cs.princeton.edu,
609-258-5906), or see http://www.cs.princeton.edu/sip/News.html

Tom Cargill
Independent Consultant
http://www.csn.net/~cargill/

Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot