===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Olav ten Bosch / Don Stikvoort
Index         : S-96-16
Distribution  : World
Page          : 1
Classification: External
Version       : 1
Subject       : Netscape / Java development kit
Date          : 29-Mar-96
===============================================================================

By courtesy of NASIRC and CERT Coordination Center we received information
on vulnerabilities in Netscape 2.01 and the Java development kit. These
vulnerabilities allow "booby-trapped" web pages to compromise the machine of
anyone visiting such a page with a Java-capable browser.

CERT-NL recommends obtaining vendor patches as soon as they become available.
Until then we urge you to apply the following workarounds:

A. Java Development Kit users

   Sun reports that source-level fixes will be supplied to source licensees
   in the next few days. The fixes will also be included in the next JDK
   version, v1.0.2, which will be released within the next several weeks.

   The JDK itself is a development kit, and it can safely be used to develop
   applets and applications. If you choose to use the appletviewer as a
   rudimentary browser, do not use it to browse applets from untrusted
   sources until you have installed the v1.0.2 browser.

B. Netscape users

   If you use Netscape 2.0, install 2.01 and proceed as below.

   If you use Netscape 2.01, disable Java and JavaScript using the
   "Security Preferences" dialog box.

   For the latest news about fixes for Netscape Navigator, consult the
   following for details:

       http://home.netscape.com/

===============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
   http://www.surfnet.nl/surfnet/security/cert-nl.html
   ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl
Phone:     +31 302 305 305
Fax:       +31 302 305 329
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members
on request.
===============================================================================