firefox blocks java
thufir
hawat.thufir at gmail.com
Sat Dec 21 08:34:48 UTC 2013
On Fri, 20 Dec 2013 12:55:45 -0600, Tommy Trussell wrote:
>> http://www.securelist.com/en/analysis/204792310/Kaspersky_Lab_Report_Java_under_attack_the_evolution_of_exploits_in_2012_2013
>>
> On closer inspection that article is somewhat of an advertisement.
> However I think you can glean from it that the major threat is not Java
> alone, but Java embedded in web sites that exploit vulnerabilities --
> the places you can jump OUT of the sandbox, essentially.

It's not just an advertisement, it's misinformed:

"...and the software was not built with security in mind." This is just
flat-out wrong. Java, from the get-go, has been a sandbox. That was one
of its selling points.

In all honesty, I haven't looked into it. However, Kaspersky is selling
software for a different OS, an OS known to have security problems.
They're not likely to say that the problem is inherent to the OS.

I have no idea how it really works, but I'm wondering if it's not that the
sandbox per se is compromised, but perhaps it's just not really possible
to sandbox a VM on Windows?

I've never seen, to my knowledge, and I haven't looked into it, a known
case of the JVM sandbox, not sure of the technical term, not working on
Linux.

That is, is there an actual case of a program which can break out of the
sandbox on Linux JVM? I've never heard of one, and on a cursory glance at
the security mailing list, nothing popped out.

-Thufir

More information about the ubuntu-users mailing list