Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×
Firefox

Submission + - Firefox devs mull dumping Java to stop BEAST attac->

rastos1 writes: In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account. The researchers settled on a Java applet as their means to bypass SOP, leading Firefox developers to discuss blocking the framework in a future version of the browser.
“I recommend that we blocklist all versions of the Java Plugin,” Firefox developer Brian Smith wrote on Tuesday in a discussion on Mozilla's online bug forum. “My understanding is that Oracle may or may not be aware of the details of the same-origin exploit. As of now, we have no ETA for a fix for the Java plugin.”

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Firefox devs mull dumping Java to stop BEAST attac

Comments Filter:

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...