Date: Mon, 12 May 1997 09:30:16 -0700
Message-Id: <199705121630.JAA18406@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: delaport@euklid.informatik.uni-dortmund.de
Subject: Re: Security Hole
Java and JavaScript aren't related. JavaScript is a separate
language, with its own syntax and its own interpreter. (It isn't
interpreted by the Java virtual machine.)
Netscape is the only browser that supports interaction between
JavaScript and other components in their browser. You might want to
contact Netscape if you believe you have found a JavaScript bug.
I believe it is Netscape's intention that JavaScript be used to invoke
Java applets (and vice versa), so probably they wouldn't characterize
that as a bug.
JavaScript isn't related to standard Java, anyway, and there aren't
any standard APIs for interaction with JDK components like applets or
beans.
Marianne
> Date: Mon, 12 May 1997 00:26:35 +0200
> From: Benjamin de la Porte des Vaux <delaport@euklid.informatik.uni-dortmund.de>
>
> Dear security-team,
>
> In the beginning of May have I found
> a Java-Javascript Security Hole.
>
> I've nowhere heard about it and I've
> even read (in your Web Pages too)
> things I consider to be false.
> That's why I think it is a new
> (I mean a new revealed) Security Hole.
>
> I've worked hard and quick to present
> this problem in a Web Page:
>
> http://euklid.informatik.uni-dortmund.de/~delaport/rep/security.html
>
> I hope You will find some interest in it.
> For the moment, have I not made too much
> publicity for that...
>
> I would be happy to have feedback.
>
> I hope I've modestly contribute to your work.
>
> Yours sincerely,
>
> Benjamin de la PORTE des VAUX.
>