Date: Sat, 5 Aug 2000 02:04:29 -0000 From: Dan Brumleve <dan+security@BRUMLEVE.COM> Subject: Dangerous Java/Netscape Security Hole To: BUGTRAQ@SECURITYFOCUS.COM Dear BugTraq, I've found some security holes in Java and Netscape that allow arbitrary network access and read-access for local files and directories. As a demonstration I've written Brown Orifice HTTPD, a web server and file sharing tool that runs in Netscape Communicator on all tested platforms. For more information, see: http://www.brumleve.com/BrownOrifice -- Dan Brumleve <dan+security@brumleve.com>