The How-To Geek Forums Have Migrated to Discourse

How-To Geek Forums / Geek Stuff

Researcher Unearths Two New Java Zero-Day Bugs

(4 posts)
  • Started 4 years ago by Straspey
  • Latest reply from StringJunky
  • Topic Viewed 347 times

Posts: 556

From Computerworld:

February 25, 2013

Computerworld - A Polish security firm known for rooting out Java vulnerabilities has reported two new bugs in the browser plug-in to Oracle, Security Explorations said today.

On its bug-reporting status page, Security Explorations noted that it had submitted details of the flaws, including proof-of-concept exploit code, to Oracle.

"We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb. 19," said Adam Gowdiak, in an email reply to questions today. "As a result, we have discovered two new security issues, which when combined together, can be successfully used to gain a complete Java security sandbox bypass in the environment of Java SE 7 Update 15 (1.7.0_15-b03)."

Read the full article:

Posted 4 years ago
Posts: 10945
Posts: 556

Mike -

As a result of this recent spate of "Bad Java" scares and warning, I removed Java from my system about three weeks ago and - so far, so good.

A couple of sites I visit seem to look slightly different now, but that has not prevented me from normal usage.

- Howard

Posted 4 years ago
Posts: 2454

In Chrome my plugins are set to Click To Play in Settings > Show Advanced Settings > Privacy (Content Settings) > Plugins > Click To Play. This apparently is the safest way to have Java ie not enabled by default. This is the view and operation for Flash but it works the same for Java. You can also click to enable cookies for a site if cookies are disabled by default in Settings. That's the brown icon with the cross on it next to the plugin icon I pointed to in the address bar in the image...I have third-party cookies disabled by default.

Posted 4 years ago

Topic Closed

This topic has been closed to new replies.