JavaFAQ Home » Security

Security Vulnerability With Java Web Start Related to Incorrect Use of System Classes!

Sun Java Web Start is vulnerable and may allow remote attackers to gain unauthorized access to a vulnerable computer!!!

A security vulnerability in Java Web Start may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files that are accessible to the user running the Java Web Start application.

Read more below...

To workaround the problem, you should not lunch untrusted applications with Java Web Start. You can even temporarily disable the use of Java Web Start.

To prevent any Java applications from being automatically launched from a web browser follow the next steps:

For Mozilla:

1. Edit --> Preferences
2. Then select "Helper Applications" located in the "Navigator" category
3. In the "Files types" window, scroll until you locate "application/x-java-jnlp-file"
4. Remove "application/x-java-jnlp-file".

For Internet Explorer (IE):

1. Open File Explorer.
2. Tools -->Folder Options
3. Select the "File Types"
4. In the "Registered File Types" window, scroll down, locate and select the "JNL - JNLP File"
5. Click the "Delete" button to remove the "JNL - JNLP File"

Also remove shortcuts to unknown Java applications from your desktop or start menu.

Affected Java versions

Sun SDK (Windows Production Release) 1.4.2 _08
Sun SDK (Windows Production Release) 1.4.2 _05
Sun SDK (Windows Production Release) 1.4.2 _04
Sun SDK (Windows Production Release) 1.4.2 _03
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2 _08
Sun SDK (Solaris Production Release) 1.4.2 _05
Sun SDK (Solaris Production Release) 1.4.2 _04
Sun SDK (Solaris Production Release) 1.4.2 _03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2 _08
Sun SDK (Linux Production Release) 1.4.2 _05
Sun SDK (Linux Production Release) 1.4.2 _04
Sun SDK (Linux Production Release) 1.4.2 _03
Sun SDK (Linux Production Release) 1.4.2 _02
Sun SDK (Linux Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2 _12
Sun JRE (Windows Production Release) 1.4.2 _06
Sun JRE (Windows Production Release) 1.4.2 _05
Sun JRE (Windows Production Release) 1.4.2 _04
Sun JRE (Windows Production Release) 1.4.2 _03
Sun JRE (Windows Production Release) 1.4.2 _02
Sun JRE (Windows Production Release) 1.4.2 _01
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2 _12
Sun JRE (Solaris Production Release) 1.4.2 _06
Sun JRE (Solaris Production Release) 1.4.2 _05
Sun JRE (Solaris Production Release) 1.4.2 _04
+ Opera Software Opera Web Browser 7.54
Sun JRE (Solaris Production Release) 1.4.2 _03
Sun JRE (Solaris Production Release) 1.4.2 _02
Sun JRE (Solaris Production Release) 1.4.2 _01
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2 _12
Sun JRE (Linux Production Release) 1.4.2 _06
Sun JRE (Linux Production Release) 1.4.2 _05
Sun JRE (Linux Production Release) 1.4.2 _04
+ Opera Software Opera Web Browser 7.54
Sun JRE (Linux Production Release) 1.4.2 _03
Sun JRE (Linux Production Release) 1.4.2 _02
Sun JRE (Linux Production Release) 1.4.2 _01
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun Java 2 Runtime Environment 5.0.Update 9
Sun Java 2 Runtime Environment 5.0.Update 10
Sun Java 2 Runtime Environment 5.0 Update 8
Sun Java 2 Runtime Environment 5.0 Update 7
Sun Java 2 Runtime Environment 5.0 Update 6
Sun Java 2 Runtime Environment 5.0 Update 5
Sun Java 2 Runtime Environment 5.0 Update 4
Sun Java 2 Runtime Environment 5.0 Update 3
Sun Java 2 Runtime Environment 5.0 Update 2
Sun Java 2 Runtime Environment 5.0 Update 1
Sun Java 2 Runtime Environment 5.0

Not affected Java versions:

Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2
Sun Java 2 Runtime Environment 5.0 Update 11

Custom Search