miguel gmail wrote:
no parece que se trate de un virus, si no de una vulnerabilidad en java. En la lista de seguridad cuentan algo y dan una pagina de test:
there is a test for this problem on the german news site heise.de (sorry, only in German).
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
On this site is the following paragraph:
Am 23.11.2004 wurde ein Problem bekannt, dass bei Suns Java-Plug-ins JavaScript auf Java-Objekte zugreifen und dabei die Beschränkungen der Sandbox umgehen kann. Sie können dies __hier__ testen. Geht beim Klick auf den Link ein Fenster auf, mit dem Hinweis "Sie sind verwundbar", sollten Sie eine neuere Java-Version installieren. Sun hat den Fehler in Version 1.4.2_06 beseitigt.
You have to click on the word __hier__. If a window pops up with the message: Sie sind verwundbar: class sun.text.utility
then you are vulnerable.
Some more informations and links you may find on
http://www.heise.de/newsticker/meldung/53582 (also German, I'm sorry)
O sea: Firefox en 9.2 y mozilla en 9.0 estan afectadas. He deshabilitado en firefox el java y ya no aparece la vulnerabilidad dichosa (bueno, eso espero :-D)
San Google: (este es el texto traducido con google de aleman a ingles, del parrafo después del cubo rubik) ------------------------- The Java programs run off thereby in a sand box in such a way specified. That means, the applet run in an environment closed in itself, the Java Virtual Machine (JVM), which does not have an access to local resources such as files or programs. By this concept Java is actually a safe technology -- unfortunately occasionally errors creep also with the implementation of the JVM, which lead to safety gaps. Then special Java applet can access local files for example nevertheless. An example of it is Brown Orifice httpd, which uses an error in all êr versions (until including 4.74) of the Netscape of navigator, in order to install a Web server in the Browser. Over this server can then jederman files of the computer concerned download. In addition the server can manufacture also entrance to protected servers behind a Firewall. Also the InterNet Explorer is affected by similar nose. Due to platform independence all operating systems are affected by such nose, which support Java - and those are nahzu all. Thus Brown Orifice runs also with the Linux version of the Communicators. To 23.11.2004 became a problem admits that with Suns Java Plug in Javascript can access Java objects and go around the restrictions of the sand box. They can test this here. If a window comes up, with the reference "you is vulnerable" with clicks on the left, you should install a newer Java version. Sun eliminated the error in version 1.4.2_06. The test can fail for example with old Java versions. In the case of doubt you examine the Java version in the following window. All Sun versions smaller than 1.4.2_06 are vulnerable, Blackdown the error in version 1.4.2_01 repaired. Opera users should consider the message Java implementation in Opera incompletely. -------------------------- Entonces no es para privarse de java, bastaría con usar uno mayor que 1.4.2_06 Saludos