icedtea-web installed and enabled by default in Fedora 19
Przemek Klosowski
przemek.klosowski at nist.gov
Wed Jun 19 17:01:38 UTC 2013
On 06/19/2013 01:29 AM, Dhiru Kholia wrote:
> Some recent news,
>
> http://www.theregister.co.uk/2013/06/14/java_june_critical_patch_update/
>
> "The majority are vulnerable through browser plugins, 11 of which are
> exploitable for complete control of the underlying operating system,"
> said Ross Barrett, senior manager of security engineering at Rapid7.
Not that I am stepping up to defend Java plugins, but let's not be
overly alarmist here. TheReg's article indeed points out some severe
vulnerabilities, but they should not be 'exploitable for complete
control of the underlying operating system' unless there is another
vulnerability, e.g. in the kernel.
The quote above is from another article, and in my personal opinion it
is overly shrill. As a general observation, security companies might
just have a slight bias hyping up threats, but not to worry because they
can also offer inexpensive and convenient solutions.
More information about the devel
mailing list