
And still can't save.

Posted Sep 1, 2012 5:35 UTC (Sat) by gmatht (guest, #58961)
In reply to: The new Java 0Day examined (The H) by CChittleborough
Parent article: The new Java 0Day examined (The H)

Despite unsigned applets being rather dangerous, they are missing four important and rather safe rights:
1) The right to open a trusted file save dialog that a user can use to save a file to a location of their choosing.
2) The right to open a trusted file open dialog, as above.
3) The right to read from the clipboard immediately after the user has pressed Ctrl-V.
4) The right to write to the clipboard immediately after the user presses Ctrl-C or Ctrl-X.

Incidentally, since BicaVM came fairly close to creating a JavaScript JVM, I wonder if we could compile a JVM into NaCl to eliminate additional risk from Java plugins?



And still can't save.

Posted Sep 2, 2012 1:20 UTC (Sun) by khim (subscriber, #9252)

> Incidentally, since BicaVM came fairly close to creating a JavaScript JVM, I wonder if we could compile a JVM into NaCl to eliminate additional risk from Java plugins?

Well, Mono and V8 both work with NaCl, so it's perfectly possible. The devil is in the details, as usual. NaCl does not support all the APIs the Java plugin supports (no synchronous API at all), so you cannot create a drop-in replacement. You can embed NaCl in the usual Java plugin instead... but this will be a huge mess, so it's not clear if it'll be an advantage or not.
