
Java applets read protected resources


Book ID: 104391109
Publisher: Elsevier Science
Year: 2000
Tongue: English
Weight: 142 KB
Volume: 2000
Category: Article
ISSN: 1353-4858


✦ Synopsis


operators of the server make updating a high priority. One way to do so is to check the strength of the server and complain to the administrators if it is using weak SSL to protect sensitive information like credit card details or bank account details.

Java applets read protected resources

Netscape Communicator and Navigator ship with Java classes that allow an unsigned Java applet to access local and remote resources in violation of the security policies for applets. According to a CERT advisory (CA-2000-15), failures in the netscape.net package permit a Java applet to read files from the local file system by opening a connection to a URL using the 'file' protocol. For example, by opening a connection to 'file:///C:/somefile.txt' an intruder can read the contents of that file. This vulnerability affects systems running Netscape Communicator 4.04 through 4.74 with Java enabled; it does not affect Netscape 6.

It is also possible to use this technique to open connections to resources using other types of protocols; that is, it is possible to open a connection to 'http', 'https', 'ftp' and other types of URLs using this vulnerability. By then using ordinary techniques, a malicious Java applet that exploits this vulnerability could subsequently send the contents of the file (or other resource) to