|
Full Disclosure
mailing list archives
Re: Java Deployment Toolkit Performs Insufficient Validation of Parameters
From: Nick Boyce <nick.boyce () gmail com>
Date: Sat, 17 Apr 2010 03:56:48 +0100
On Fri, Apr 9, 2010 at 12:08 PM, Tavis Ormandy <taviso () sdf lonestar org> wrote:
-------------------
Mitigation
-----------------------
[...]
- Mozilla Firefox and other NPAPI based browser users can be protected using
File System ACLs to prevent access to npdeploytk.dll.
Just for the record (since I had to go hunting to find out), Giorgio
Maone says NoScript will protect Firefox users (so long as you haven't
whitelisted the relevant website for other purposes) :
http://forums.informaction.com/viewtopic.php?f=8&t=4207
As a lot of folks are concluding, it's better to just uninstall Java
altogether (at least till Soracle sorts out the various appalling
design decisions they seem to have made with this product), but some
of us are stuck with workstations that need Java installed for one
reason or another.
Cheers
Nick
--
Leave the Olympics in Greece, where they belong.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
