firefox blocks java
tommy.trussell at gmail.com
Fri Dec 20 18:55:45 UTC 2013
On Fri, Dec 20, 2013 at 12:45 PM, Tommy Trussell
<tommy.trussell at gmail.com>wrote:
> On Fri, Dec 20, 2013 at 12:47 AM, thufir <hawat.thufir at gmail.com> wrote:
>> On Thu, 19 Dec 2013 22:22:33 -0600, Tommy Trussell wrote:
>> >> I appreciate the security angle, but I wonder how much of that is
>> >> specific to Windows.
>> > The Java vulnerabilities I have heard of are specific to *Java*, which
>> > runs on Windows, Mac OS and many cell phones and embedded devices. Java
>> > has access to your network, your hard drive, your camera, your
>> > microphone... just about everything on your system. That's why folks get
>> > antsy about vulnerabilities in it.
>> I get your point, and it's not to troll this topic, I'm actually curious.
>> I found:
>> in the ubuntu security mailing list. Granted, I only downloaded the
>> latest 999 headers for the security mailing list, but that dates back to
>> 2011 and was the only one with "Java" in the subject relating to a JVM.
>> Granted, there were some Apache libraries with vulnerabilities, but that's
>> specific to a library, not the VM itself. Presumably, it's sandboxed...?
> I am not sure what distinction you may be drawing between various
> components but here's one of many articles I have seen:
On closer inspection that article is somewhat of an advertisement. However
I think you can glean from it that the major threat is not Java alone, but
Java embedded in web sites that exploit vulnerabilities -- the places you
can jump OUT of the sandbox, essentially.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-users