Posted by on 20th October, 2003

Cross Site Scripting with Java applets exploit

Article by Marc Schoenefeld on cross-site scripting through Java applets. Unsigned applets coming from different sites may share data areas via undocumented static variables of the JDK. When these variables are altered, internal JDK state may become corrupt and the affected functionality is no longer available. This especially concerns XML processing, which depends on the org.apache.xalan.processor.XSLProcessorVersion class. This behavior violates the isolation restriction of the sandbox.
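
As an added example (not code from the article or from the JDK), the following Java audit lists the public static non-final fields a class declares, which is the kind of writable, JVM-wide state the article describes. The `SampleVersion` class is constructed for illustration, and the assumption that the affected fields are public and non-final is inferred from the article's statement that unsigned applets can alter them.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class MutableStaticAudit {

    // Constructed sample standing in for a library class that exposes version
    // data as writable statics; it is not the real Xalan class.
    public static class SampleVersion {
        public static String PRODUCT = "Sample";   // writable by any caller: flagged
        public static int MAJOR = 1;               // writable by any caller: flagged
        public static final int MINOR = 0;         // final: not flagged
        private static int cache = 0;              // private: not flagged
    }

    /** Returns the public static non-final fields declared by the class. */
    static List<String> writableStatics(Class<?> c) {
        List<String> hits = new ArrayList<>();
        for (Field f : c.getDeclaredFields()) {
            int m = f.getModifiers();
            if (Modifier.isPublic(m) && Modifier.isStatic(m) && !Modifier.isFinal(m)) {
                hits.add(c.getName() + "." + f.getName() + " : " + f.getType().getSimpleName());
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // With no arguments, audit the constructed sample; otherwise audit the
        // fully qualified class names given on the command line.
        List<Class<?>> targets = new ArrayList<>();
        if (args.length == 0) {
            targets.add(SampleVersion.class);
        }
        for (String name : args) {
            // initialize=false: inspect the class without running its static initializer
            targets.add(Class.forName(name, false, MutableStaticAudit.class.getClassLoader()));
        }
        for (Class<?> c : targets) {
            for (String hit : writableStatics(c)) {
                System.out.println("WRITABLE STATIC  " + hit);
            }
        }
    }
}
```

Any field this reports on a class that is shared between mutually untrusting code is a candidate for being made `final` or private with controlled access.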