Note: This is an archival copy of Security Sun Alert 201010 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000762.1.
Date of Resolved Release
The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges.
Sun acknowledges, with thanks, Marc Schoenefeld for bringing these issues to our attention.
These issues can occur in the following releases:
Windows Production Releases
Solaris Operating Environment Production Releases
Linux Production Releases
Note: SDK and JRE releases for Windows, Solaris and Linux prior to 1.4.0 are not affected by these issues.
To determine the release of a Java installation, run the "java" command with the "-fullversion" option:
$ java -fullversion java full version "1.4.2_04-b03"
There are no reliable symptoms that would show the described issues have been exploited.
There is no workaround. Please see the "Resolution" section below.
These issues are addressed in the following releases:
Windows Production Release
Solaris Operating Environment Production Release
Linux Production Release
Note: SDK and JRE releases are available at: http://java.sun.com/j2se/
Java 2 Platform, Standard Edition 1.4.2
This solution has no attachment