No, i am referring to the same attack against the browser, not Java. And I can imagine a 12-year-old attack still working against a overhauled piece of software. :-)
Boris, > If we assume that a public-IP document can never > get hold of a private-IP document, these issues are > somewhat mitigated, perhaps. But that's a big > assumption... yes, that is what I think I am asserting and hopefully correctly assuming. Can you think of a case where this is valid and isn't an exploit? Doug On Jan 16, 2008, at 1:06 PM, Eric H. Jung wrote: > > --- Doug Turner <[EMAIL PROTECTED]> wrote: >> this will reduce, possibly >> zero, our vulnerability to Princeton style attacks. > > If you're referring to: > http://www.cs.princeton.edu/sip/news/dns-scenario.html > http://www.cs.princeton.edu/sip/news/sun-02-22-96.html > I can't imagine that 12-year-old attack still works with Java. The > Java security manager had a > major overhaul in December 1998 when Java2 (version 1.2) was released. > > > > > ____________________________________________________________________________________ > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. > http://tools.search.yahoo.com/newsearch/category.php?category=shopping _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
