978 B
978 B
| announced | fixed_in | impact | reporter | title | |||
|---|---|---|---|---|---|---|---|
| July 1, 2008 |
|
High | Gregory Fleischer | Arbitrary socket connections with Java LiveConnect on Mac OS X |
Description
Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java Embedding Plugin (JEP) that ships with Firefox on Mac OS X. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.
Workaround
Disable Java on Mac OS X until a version containing these fixes can be installed.