Home » 2010 » February » 10
Views: 5934 | Added by: b1zz4rd | Date: 2010-02-10 | Comments (0)

Same-origin policy for Java

Much like Adobe Flash, Java applets, reportedly supported on about 80% of all desktop systems, follow the basic concept of same-origin checks applied to a runtime context derived from the site the applet is downloaded from. The documentation for Java security model available on the Internet appears to be remarkably poor and spotty, so the information provided in this section is in large part based on empirical testing. According to this research, the following permissions are available to Java applets:

  • The ability to interact with JavaScript on the embedding page through the JSObject API, with no specific same-origin checks. This mechanism is disabled by ... Read more »
Views: 728 | Added by: b1zz4rd | Date: 2010-02-10 | Comments (0)

Part2  
Browser Security Handbook, part 2

Browser Security Handbook, part 2

Table of Contents

Views: 5570 | Added by: b1zz4rd | Date: 2010-02-10 | Comments (0)


     Core Security Technologies - CoreLabs Advisory
          http://www.coresecurity.com/corelabs/

Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers



1. *Advisory Information*

Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
Advisory Id: CORE-2010-0121
Advisory URL:
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Date published: 2010-02-05
Date of last update: 2010-02-05
Vendors contacted: Cherokee team, Nginx team, Mongoose team
Release mode: User release



2. *Vulnerability Information*

Class: Improper Handling of Exceptional Conditions [CWE-755], Path
traversal [CWE-22 ... Read more »
Views: 6739 | Added by: b1zz4rd | Date: 2010-02-10 | Comments (0)