Closed
Bug 259403
Opened 20 years ago
Closed 20 years ago
Java can reveal local file existence through exceptions
Categories
(Core Graveyard :: Java: Live Connect, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: dveditz, Assigned: yuanyi21)
From: Marc Schoenefeld <marc.schoenefeld (at) gmx dot org>
Date: Sun, 12 Sep 2004 16:28:25 +0200
To: security@mozilla.org
Hi there,
the following JavaScript makes it possible to guess files on the user's machine via
LiveConnect. This covert channel can be exploited by analysing the exceptions
that are thrown by the Java plugin.
I have put a test page on the web at
www.programmierloesungen.de/test/GuessFile.html
Sincerely
Marc Schonefeld
www.illegalaccess.org
Reporter
Comment 1•20 years ago
Reporter
Comment 2•20 years ago
Kyle, are you still working on Java?
Comment 4•20 years ago
FYI:
I posted the bug to Sun in a Java applet version in early April 2004. They said
they were going to fix it; it is now 5 months later ....
This is not a Mozilla bug. This is a bug in Java (java.awt.color.ICC_Profile)
and has been fixed in JRE 1.5. In JRE 1.4.2, it throws a
java.lang.IllegalArgumentException without checking the file access permission,
but in JRE 1.5 they fixed it: java.security.AccessControlException will be
thrown first.
Marc, have you tried your bug with JRE 1.5? Please let me know if it's still
reproducible, and I'll push the Java team to fix it.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Reporter
Comment 6•20 years ago
Known Java bug (supposed to be fixed in JRE 1.5), clearing security flag
Group: security
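The ordering problem discussed in the comments, as an added example that is not part of the original bug thread or of the JRE source: a simplified model in which one loader consults the file system before the access check and another checks access first. The class, method names and the `allowed-profiles` directory are hypothetical, and the model does not use `ICC_Profile` or the Java security manager.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ExceptionOrderDemo {
    // Hypothetical policy: untrusted callers may only read below this directory.
    static final Path ALLOWED = Paths.get("allowed-profiles").toAbsolutePath().normalize();

    static boolean permitted(Path p) {
        return p.toAbsolutePath().normalize().startsWith(ALLOWED);
    }

    // Flawed ordering: the file system is consulted before the access check,
    // so the exception type depends on whether the file exists.
    static byte[] loadFileFirst(String name) throws IOException {
        Path p = Paths.get(name);
        if (!Files.exists(p)) throw new IllegalArgumentException("cannot open profile");
        if (!permitted(p)) throw new SecurityException("access denied");
        return Files.readAllBytes(p);
    }

    // Corrected ordering: the access check runs first and fails the same way
    // for every forbidden path, before any file system call is made.
    static byte[] loadCheckFirst(String name) throws IOException {
        Path p = Paths.get(name);
        if (!permitted(p)) throw new SecurityException("access denied");
        return Files.readAllBytes(p);
    }

    interface Loader { byte[] load(String name) throws IOException; }

    // Reports which exception class a caller would observe for a given path.
    static String outcome(Loader l, String name) {
        try { l.load(name); return "ok"; }
        catch (Exception e) { return e.getClass().getSimpleName(); }
    }

    public static void main(String[] args) throws IOException {
        Path existing = Files.createTempFile("probe", ".tmp"); // constructed sample file
        String present = existing.toString(), absent = present + ".missing";
        System.out.println("file-first:  " + outcome(ExceptionOrderDemo::loadFileFirst, present)
                + " vs " + outcome(ExceptionOrderDemo::loadFileFirst, absent));
        System.out.println("check-first: " + outcome(ExceptionOrderDemo::loadCheckFirst, present)
                + " vs " + outcome(ExceptionOrderDemo::loadCheckFirst, absent));
        Files.delete(existing);
    }
}
```

When the two outcomes on a line differ, the exception type alone tells the caller whether a forbidden path exists; when they match, it does not.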