485116 – IcedTea plugin allows applets to call System.exit()

Bug 485116 - IcedTea plugin allows applets to call System.exit()

Summary: IcedTea plugin allows applets to call System.exit()

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	java-1.6.0-openjdk
Sub Component:
Version:	10
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Deepak Bhole
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-02-11 17:27 UTC by Deepak Bhole
Modified:	2009-04-23 19:28 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-04-23 19:28:15 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Deepak Bhole 2009-02-11 17:27:21 UTC

An applet can call System.exit(), which in certain cases will cause the JVM to exit. Thus creating a potential DoS attack, as any other running applets will end up shutting down as well.

The fix is in the upstream repository, and need to be brought into Fedora (10 and Rawhide).

Comment 1 Deepak Bhole 2009-04-23 19:28:15 UTC

Fixed in all currently supported releases.

Note You need to log in before you can comment on or make changes to this bug.